diff --git a/sysmonconfig-export.xml b/sysmonconfig-export.xml
index f6688b3..8c1c82a 100644
--- a/sysmonconfig-export.xml
+++ b/sysmonconfig-export.xml
@@ -311,6 +311,11 @@
tasklist.exe
wmic.exe
wscript.exe
+
+ >
+ WINWORD.exe
+ EXCEL.exe >
+
nc.exe
ncat.exe