User condition in exclusions for RegistryEvents #196

@schwf5

Hi Olaf,
Since I tried to reduce the amount of events with ID 13, I thought about excluding certain events when the user condition is "NT AUTHORITY\SYSTEM". But as soon as I add a user condition within an AND-group relation, it breaks the rule.
Did you test the following rule from your rule set, and did it behave correctly?

<Rule groupRelation="and">
    <Image condition="is">C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe</Image>
    <TargetFilename condition="contains all">C:\Windows\Temp;__PSScriptPolicyTest;.ps1</TargetFilename>
    <User condition="is">NT AUTHORITY\SYSTEM</User>
</Rule>

kr Fabian
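The following is an added example, not part of the original post and not Sysmon's own code: a small offline model of how the rule above is meant to evaluate, so an exclusion with a `User` condition can be checked against sample events before it is deployed. It assumes Sysmon's documented semantics for `is` (case-insensitive equality) and `contains all` (every `;`-delimited value must be present); the event dictionaries and the names `condition_matches` and `rule_matches` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# The rule from the post, unchanged.
RULE_XML = r"""
<Rule groupRelation="and">
  <Image condition="is">C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe</Image>
  <TargetFilename condition="contains all">C:\Windows\Temp;__PSScriptPolicyTest;.ps1</TargetFilename>
  <User condition="is">NT AUTHORITY\SYSTEM</User>
</Rule>
"""

# Constructed sample events; all field values are invented for illustration.
BASE = {
    "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    "TargetFilename": r"C:\Windows\Temp\__PSScriptPolicyTest_abcd1234.ps1",
}
SYSTEM_EVENT = {**BASE, "User": r"NT AUTHORITY\SYSTEM"}
USER_EVENT = {**BASE, "User": r"CONTOSO\alice"}
NO_USER_EVENT = dict(BASE)  # an event that carries no User field at all


def condition_matches(condition, pattern, value):
    """Model of two Sysmon condition types, compared case-insensitively."""
    pattern, value = pattern.lower(), value.lower()
    if condition == "is":
        return value == pattern
    if condition == "contains all":
        return all(part in value for part in pattern.split(";"))
    raise ValueError(f"condition not modelled here: {condition}")


def rule_matches(rule_xml, event):
    """Evaluate one <Rule> group against an event given as a dict."""
    rule = ET.fromstring(rule_xml)
    results = [
        # A field missing from the event is compared as an empty string.
        condition_matches(f.get("condition", "is"), f.text or "", event.get(f.tag, ""))
        for f in rule
    ]
    # "and" requires every condition; anything else is treated as "or" in this model.
    return all(results) if rule.get("groupRelation") == "and" else any(results)


if __name__ == "__main__":
    for name, ev in [("SYSTEM", SYSTEM_EVENT), ("user", USER_EVENT), ("no User", NO_USER_EVENT)]:
        print(f"{name:8} excluded: {rule_matches(RULE_XML, ev)}")
```

Under this model only the SYSTEM event is excluded, so the same PowerShell activity under an interactive account would still be logged.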
