diff --git a/modules/processing/curtain.py b/modules/processing/curtain.py
index fba5fc053..8c830f042 100644
--- a/modules/processing/curtain.py
+++ b/modules/processing/curtain.py
@@ -114,6 +114,8 @@ def buildBehaviors(entry, behaviorTags):
 
     behaviorCol["Token Manipulation"] = [["CreateProcessWithTokenA"],["CreateProcessWithTokenW"],["AdjustTokenPrivileges"],["DuplicateToken"],["OpenProcessToken"],["WTSQueryUserToken"]]
 
+    behaviorCol["Modifies Shadowcopy"] = [["Win32_Shadowcopy"]]
+
     for event in entry:
         for message in entry[event]:
             message = entry[event][message]