Updated converted sigma rules for version version/7.3

config/uberAgent-ESA-am-sigma-high-windows.conf

@@ -8516,19 +8516,6 @@ GenericProperty1 = Reg.TargetObject
 GenericProperty2 = Reg.Value.Data
 
 
-[ThreatDetectionRule platform=Windows]
-# Detects the image load of VSS DLL by uncommon executables
-# Author: frack113
-RuleId = 48bfd177-7cf2-412b-ad77-baf923489e82
-RuleName = Suspicious Volume Shadow Copy Vsstrace.dll Load
-EventType = Image.Load
-Tag = suspicious-volume-shadow-copy-vsstrace.dll-load
-RiskScore = 75
-Annotation = {"mitre_attack": ["T1490"], "author": "frack113"}
-Query = Image.Path like r"%\\vsstrace.dll" and not (Process.Path in ["C:\\Windows\\explorer.exe", "C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe"] or Process.Path like r"C:\\Windows\\System32\\%" or Process.Path like r"C:\\Windows\\SysWOW64\\%" or Process.Path like r"C:\\Windows\\Temp\\{%" or Process.Path like r"C:\\Windows\\WinSxS\\%" or Process.Path like r"C:\\Program Files\\%" or Process.Path like r"C:\\Program Files (x86)\\%")
-GenericProperty1 = Image.Path
-
-
 [ThreatDetectionRule platform=Windows]
 # Detects the execution of powershell, a WebClient object creation and the invocation of DownloadFile in a single command line
 # Author: Florian Roth (Nextron Systems)