diff --git a/Vagrant/resources/splunk_server/transforms.conf b/Vagrant/resources/splunk_server/transforms.conf
index cdf7ff3..db76ad0 100644
--- a/Vagrant/resources/splunk_server/transforms.conf
+++ b/Vagrant/resources/splunk_server/transforms.conf
@@ -20,7 +20,7 @@ DEST_KEY = queue
 FORMAT = nullQueue
 
 [autoruns_wineventlog_null]
-REGEX = "Script\sName\s=\sC\:\\Program Files\\AutorunsToWinEventLog\\AutorunsToWinEventLog.ps1"
+REGEX = "C:\\Program Files\\AutorunsToWinEventLog\\AutorunsToWinEventLog.ps1"
 DEST_KEY = queue
 FORMAT = nullQueue