Sysmon monitoring FileCreate but no FileDeleteDetected

Question

I'm trying to monitor a folder using Sysmon. I need to monitor file creation and deletion

Here's my XML configuration file :

<Sysmon schemaversion="4.60">
<HashAlgorithms>md5,sha256,IMPHASH</HashAlgorithms>
<EventFiltering>
    <RuleGroup name="Creation" groupRelation="or">
        <FileCreate onmatch="include">
            <TargetFilename condition="contains">c:\folder</TargetFilename>
        </FileCreate>
    </RuleGroup>
    <RuleGroup name="Deletion" groupRelation="or">
        <FileDeleteDetected onmatch="include">
            <TargetFilename condition="contains">c:\folder</TargetFilename>
        </FileDeleteDetected>
    </RuleGroup>
</EventFiltering>

Event 11 is in Sysmon and working. Event 26 is not, I do not have anything in the logs. If i'm excluding the folder instead of including it, i'm getting event from Appdata or Windows Folders. I do not need the event 23, which is archiving the file. Am I missing something ?