LoFP / very common in environments that rely heavily on macro documents

condition: selection and not 1 of filter_main_*
filter_main_office:
  Image|endswith:
  - \WINWORD.EXE
  - \EXCEL.EXE
  - \POWERPNT.EXE
  Image|startswith:
  - C:\Program Files\Microsoft Office\
  - C:\Program Files (x86)\Microsoft Office\
  TargetFilename|contains: \~$
selection:
  TargetFilename|endswith:
  - .docm
  - .dotm
  - .xlsm
  - .xltm
  - .potm
  - .pptm