diff --git a/sigma/processing/transformations.py b/sigma/processing/transformations.py
index d558167..14e9964 100644
--- a/sigma/processing/transformations.py
+++ b/sigma/processing/transformations.py
@@ -793,7 +793,10 @@ def apply_string_value(self, field: str, val: SigmaString) -> SigmaString:
         sigma_string_plain = str(val)
         replaced = self.re.sub(self.replacement, sigma_string_plain)
         postprocessed_backslashes = re.sub(r"\\(?![*?])", r"\\\\", replaced)
-        return SigmaString(postprocessed_backslashes)
+        if val.contains_placeholder(): # Preserve placeholders
+            return SigmaString(postprocessed_backslashes).insert_placeholders()
+        else:
+            return SigmaString(postprocessed_backslashes)
 
 
 @dataclass
diff --git a/tests/test_processing_transformations.py b/tests/test_processing_transformations.py
index 1618d8b..8cf0fac 100644
--- a/tests/test_processing_transformations.py
+++ b/tests/test_processing_transformations.py
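Review bot: The substitution at `replaced = self.re.sub(self.replacement, sigma_string_plain)` runs on the flattened `str(val)`, in which placeholders appear as literal `%name%` text (the new tests' expectations imply this rendering), so a pattern that matches `%` or a replacement string containing `%` would either destroy an existing placeholder or manufacture a spurious one when `insert_placeholders()` re-parses the result; the new branch does not guard against or document this. If that is accepted behaviour, state it at the branch: `# Placeholders are visible to the regex as literal %name%; a replacement that emits '%' is re-parsed as a placeholder`. The `else:` after a `return` is redundant; the fallback can simply be `return SigmaString(postprocessed_backslashes)` at the outer indentation. The `def apply_string_value` signature itself lies before the hunk.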
@@ -1356,6 +1356,50 @@ def test_replace_string_specials(dummy_pipeline):
     )
 
 
+def test_replace_string_placeholder(dummy_pipeline):
+    sigma_rule = SigmaRule.from_dict(
+        {
+            "title": "Test",
+            "logsource": {"category": "test"},
+            "detection": {
+                "test": {
+                    "field|expand": "foo%var%bar",
+                },
+                "condition": "test",
+            },
+        }
+    )
+    s_before = sigma_rule.detection.detections["test"].detection_items[0].value[0]
+    assert s_before == SigmaString("foo%var%bar").insert_placeholders()
+
+    transformation = ReplaceStringTransformation("bar", "test")
+    transformation.apply(dummy_pipeline, sigma_rule)
+    s = sigma_rule.detection.detections["test"].detection_items[0].value[0]
+    assert s == SigmaString("foo%var%test").insert_placeholders()
+
+
+def test_replace_string_no_placeholder(dummy_pipeline):
+    sigma_rule = SigmaRule.from_dict(
+        {
+            "title": "Test",
+            "logsource": {"category": "test"},
+            "detection": {
+                "test": {
+                    "field": "foo%var%bar",
+                },
+                "condition": "test",
+            },
+        }
+    )
+    s_before = sigma_rule.detection.detections["test"].detection_items[0].value[0]
+    assert s_before == SigmaString("foo%var%bar")
+
+    transformation = ReplaceStringTransformation("bar", "test")
+    transformation.apply(dummy_pipeline, sigma_rule)
+    s = sigma_rule.detection.detections["test"].detection_items[0].value[0]
+    assert s == SigmaString("foo%var%test")
+
+
 def test_replace_string_skip_specials(dummy_pipeline):
     sigma_rule = SigmaRule.from_dict(
         {
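Review bot: Both new tests use a pattern (`"bar"`) that is disjoint from the placeholder, so they do not pin down what happens when the regex overlaps `%var%` or when the replacement text itself contains `%` — the cases most likely to interact with `insert_placeholders()`. Adding one case such as `ReplaceStringTransformation("%var%", "x")` applied to the `field|expand` rule, with an explicit expected value, would make the intended behaviour a tested contract instead of an implicit one. The trailing context lines starting at `def test_replace_string_skip_specials` belong to an existing test whose body continues past the hunk.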