Hello, I am dropping nxlog.exe and dns.exe but not targeting the EventIDs at the same time. Here are my two entries that are working:
Exec if $Application =~ /\\device\\.....\\.....\\nxlog\\nxlog.exe/ drop();
Exec if $Application =~ /dns.exe/ drop();
Hope that helps!