diff --git a/mvt/common/indicators.py b/mvt/common/indicators.py
index b9e23e4..72e4be0 100644
--- a/mvt/common/indicators.py
+++ b/mvt/common/indicators.py
@@ -436,6 +436,27 @@ class Indicators:
         return None
 
+    def check_file_path_process(self, file_path: str) -> Union[dict, None]:
+        """Check the provided file path contains a process name from the
+        list of indicators
+
+        :param file_path: File path or file name to check against file
+        indicators
+        :type file_path: str
+        :returns: Indicator details if matched, otherwise None
+
+        """
+        if not file_path:
+            return None
+
+        for ioc in self.get_iocs("processes"):
+            parts = file_path.split("/")
+            if ioc["value"] in parts:
+                self.log.warning("Found known suspicious process name mentioned in file at "
+                                 "path \"%s\" matching indicators from \"%s\"",
+                                 file_path, ioc["name"])
+                return ioc
+
     def check_profile(self, profile_uuid: str) -> Union[dict, None]:
         """Check the provided configuration profile UUID against the list of
         indicators.
 
diff --git a/mvt/ios/modules/fs/filesystem.py b/mvt/ios/modules/fs/filesystem.py
index 4bfb5b4..3d85076 100644
--- a/mvt/ios/modules/fs/filesystem.py
+++ b/mvt/ios/modules/fs/filesystem.py
@@ -57,14 +57,10 @@ class Filesystem(IOSExtraction):
             if self.fast_mode:
                 continue
 
-            for ioc in self.indicators.get_iocs("processes"):
-                parts = result["path"].split("/")
-                if ioc["value"] in parts:
-                    self.log.warning("Found known suspicious process name mentioned in file at "
-                                     "path \"%s\" matching indicators from \"%s\"",
-                                     result["path"], ioc["name"])
-                    result["matched_indicator"] = ioc
-                    self.detected.append(result)
+            ioc = self.indicators.check_file_path_process(result["path"])
+            if ioc:
+                result["matched_indicator"] = ioc
+                self.detected.append(result)
 
     def run(self) -> None:
         for root, dirs, files in os.walk(self.target_path):
diff --git a/tests/ios_fs/__init__.py b/tests/ios_fs/__init__.py
new file mode 100644
index 0000000..e69de29
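Review bot: `parts = file_path.split("/")` sits inside the `for ioc in self.get_iocs("processes")` loop although it does not depend on `ioc`, so the path is re-split once per indicator; move it above the loop, `parts = file_path.split("/")` followed by `for ioc in self.get_iocs("processes"):`. The new method also falls off the end when nothing matches, whereas the sibling method whose tail opens this hunk ends with an explicit `return None`; adding `return None` after the loop keeps the two consistent and makes the documented no-match result visible in the code. Since matching is an exact comparison of the indicator value against each `/`-separated component, the docstring could say so: `A match requires one path component to equal the indicator value exactly; a bare file name is compared whole.`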
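Review bot: `if ioc:` tests the returned value for truthiness, while `check_file_path_process` is annotated `Union[dict, None]`; `if ioc is not None:` states the contract the annotation gives and would not silently drop an empty indicator dict. The enclosing method of `Filesystem` starts before this hunk, so whether `self.indicators` is guarded against being unset earlier in it is not visible here; if it is not, the call on the first added line raises `AttributeError` when no indicators are loaded, just as the removed `get_iocs` call would have, and a guard at the top of the method (or in the caller) would be worth confirming.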
diff --git a/tests/ios_fs/test_filesystem.py b/tests/ios_fs/test_filesystem.py
new file mode 100644
index 0000000..935aba1
--- /dev/null
+++ b/tests/ios_fs/test_filesystem.py
@@ -0,0 +1,34 @@
+# Mobile Verification Toolkit (MVT)
+# Copyright (c) 2021-2022 Claudio Guarnieri.
+# Use of this software is governed by the MVT License 1.1 that can be found at
+# https://license.mvt.re/1.1/
+
+import logging
+
+from mvt.common.indicators import Indicators
+from mvt.common.module import run_module
+from mvt.ios.modules.fs.filesystem import Filesystem
+
+from ..utils import get_ios_backup_folder
+
+
+class TestFilesystem:
+
+    def test_filesystem(self):
+        m = Filesystem(target_path=get_ios_backup_folder())
+        run_module(m)
+        assert len(m.results) == 10
+        assert len(m.timeline) == 10
+        assert len(m.detected) == 0
+
+    def test_detection(self, indicator_file):
+        m = Filesystem(target_path=get_ios_backup_folder())
+        ind = Indicators(log=logging.getLogger())
+        ind.parse_stix2(indicator_file)
+        # Adds a filename that exist in the folder
+        ind.ioc_collections[0]["processes"].append("64d0019cb3d46bfc8cce545a8ba54b93e7ea9347")
+        m.indicators = ind
+        run_module(m)
+        assert len(m.results) == 10
+        assert len(m.timeline) == 10
+        assert len(m.detected) == 1
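Review bot: `test_detection` asserts only `len(m.detected) == 1` and never checks which indicator matched or which file was flagged, so a single detection produced by any other entry of the parsed STIX file would pass it; pin the hit with `assert m.detected[0]["matched_indicator"]["value"] == "64d0019cb3d46bfc8cce545a8ba54b93e7ea9347"` and `assert "64d0019cb3d46bfc8cce545a8ba54b93e7ea9347" in m.detected[0]["path"].split("/")`. The test reaches into `ind.ioc_collections[0]["processes"]` to inject the indicator, which presumably is the same structure `get_iocs("processes")` reads; if `Indicators` offers a method for adding an indicator, using it would keep the test independent of that internal layout. The comment on that line should read `# Adds a filename that exists in the folder`.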