diff --git a/sigma/sysmon/network_connection/net_connection_win_susp_epmap.yml b/sigma/sysmon/network_connection/net_connection_win_susp_epmap.yml
index f36862b02..f3851f177 100644
--- a/sigma/sysmon/network_connection/net_connection_win_susp_epmap.yml
+++ b/sigma/sysmon/network_connection/net_connection_win_susp_epmap.yml
@@ -7,7 +7,7 @@ references:
 - https://github.com/RiccardoAncarani/TaskShell/
 author: frack113, Tim Shelton (fps)
 date: 2022/07/14
-modified: 2023/09/01
+modified: 2023/09/28
 tags:
 - attack.lateral_movement
 - sysmon
@@ -30,6 +30,8 @@ detection:
 Image: null
 filter_image_null2:
 Image: ''
+ filter_image_unknown:
+ Image:
 condition: network_connection and (selection and not 1 of filter_*)
 falsepositives:
 - Unknown
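Review bot: In the second hunk the new `filter_image_unknown` entry sets `Image:` with no value, which YAML parses as null, so as shown it duplicates `filter_image_null` (`Image: null`) directly above and excludes nothing new; if a literal placeholder string for an unresolved process name was intended, it has to be present on that line as a quoted scalar, e.g. `Image: '<PLACEHOLDER-VALUE>'`. It is possible the value was dropped when this page was rendered, in which case the raw commit should be checked rather than this view. Either way, every `filter_*` key is an exclusion removed from coverage by the `not 1 of filter_*` condition, so a one-line comment above the new filter explaining why port-135 connections with an unresolvable image are suppressed rather than alerted on would help a maintainer judge the blind spot it introduces. The enclosing `detection:` block starts before this hunk.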