diff --git a/sysmonconfig-export.xml b/sysmonconfig-export.xml
index f6688b3..851f8b4 100644
--- a/sysmonconfig-export.xml
+++ b/sysmonconfig-export.xml
@@ -311,6 +311,9 @@
tasklist.exe
wmic.exe
wscript.exe
+
+ WINWORD.exe
+ EXCEL.exe >
nc.exe
ncat.exe