filter additional noise

Author: olafhartong

Diff for: 12_13_14_registry_event/exclude_windows_misc.xml

@@ -33,6 +33,12 @@
 					<Image condition="is">C:\Windows\system32\lsass.exe</Image>
 					<TargetObject condition="contains">HKLM\System\CurrentControlSet\Services</TargetObject>
 				</Rule>
+				<Rule groupRelation="and">
+					<TargetObject condition="contains">SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization</TargetObject>
+					<Image condition="is">C:\Windows\System32\svchost.exe</Image>
+				</Rule>
+				<TargetObject condition="is">HKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTime</TargetObject>
+				<TargetObject condition="is">HKLM\System\CurrentControlSet\Services\SmsRouter\State\Registration\Ids</TargetObject>
 			</RegistryEvent>
 		</RuleGroup>
 	</EventFiltering>