[Rule Tuning] D-Bus Service Created (#5076)

Author: Aegrah

rules/linux/persistence_dbus_service_creation.toml

@@ -2,7 +2,7 @@
 creation_date = "2025/01/16"
 integration = ["endpoint", "sentinel_one_cloud_funnel"]
 maturity = "production"
-updated_date = "2025/03/20"
+updated_date = "2025/09/09"
 
 [rule]
 author = ["Elastic"]
@@ -117,7 +117,6 @@ file.extension in ("service", "conf") and file.path like~ (
     "/usr/sbin/sshd", "/usr/bin/gitlab-runner", "/opt/gitlab/embedded/bin/ruby", "/usr/sbin/gdm", "/usr/bin/install",
     "/usr/local/manageengine/uems_agent/bin/dcregister"
   ) or
-  file.Ext.original.extension == "dpkg-new" or
   process.executable : (
     "/nix/store/*", "/var/lib/dpkg/*", "/tmp/vmis.*", "/snap/*", "/dev/fd/*", "/usr/lib/virtualbox/*"
   ) or