diff --git a/decoders/0380-windows_decoders.xml b/decoders/0380-windows_decoders.xml
index 895b1b3bc..0cd1980a3 100644
--- a/decoders/0380-windows_decoders.xml
+++ b/decoders/0380-windows_decoders.xml
@@ -91,7 +91,7 @@
   <type>web-log</type>
   <use_own_name>true</use_own_name>
   <prematch offset="after_parent">^\S+ GET |^\S+ POST</prematch>
-  <regex offset="after_parent">^\S+ (\w+) (\S+ \S+) (\S+) \S+ (\S+) (\S+) \.*(\d\d\d) </regex>
+  <regex offset="after_parent">^\S+ (\w+) (\S+ \S+) (\S+) \S+ (\S+) (\S+) \S+ (\d\d\d) |^\S+ (\w+) (\S+ \S+) (\S+) \S+ (\S+) (\S+) \.*(\d\d\d) </regex>
   <order>action, url, srcport, srcip, user_agent, id</order>
 </decoder>