diff --git a/scripts/policy/frameworks/files/detect-MHR.zeek b/scripts/policy/frameworks/files/detect-MHR.zeek
index aa632a778d..8c48a44f1b 100644
--- a/scripts/policy/frameworks/files/detect-MHR.zeek
+++ b/scripts/policy/frameworks/files/detect-MHR.zeek
@@ -16,7 +16,7 @@ export {
 
 	## File types to attempt matching against the Malware Hash Registry.
 	option match_file_types = /application\/x-dosexec/ |
-	                         /application\/vnd.ms-cab-compressed/ |
+	                         /application\/vnd\.ms-cab-compressed/ |
 	                         /application\/pdf/ |
 	                         /application\/x-shockwave-flash/ |
 	                         /application\/x-java-applet/ |
diff --git a/scripts/policy/frameworks/software/windows-version-detection.zeek b/scripts/policy/frameworks/software/windows-version-detection.zeek
index 50177b2e9b..4a327b2d7f 100644
--- a/scripts/policy/frameworks/software/windows-version-detection.zeek
+++ b/scripts/policy/frameworks/software/windows-version-detection.zeek
@@ -54,7 +54,7 @@ export {
 
 event HTTP::log_http(rec: HTTP::Info) &priority=5
         {
-        if ( rec?$host && rec?$user_agent && /crl.microsoft.com/ in rec$host &&
+        if ( rec?$host && rec?$user_agent && /crl\.microsoft\.com/ in rec$host &&
              /Microsoft-CryptoAPI\// in rec$user_agent )
                 {
                 if ( rec$user_agent !in crypto_api_mapping )