I am monitoring administrative share access that occurs on port 445, I am not monitoring other ports like TFTP.

The initial rule was submitted erroneously. The corrected rule, which still does not get triggered when administrative shares are accessed, is below:

alert tcp any any -> $HOME_NET 445 (msg:"Admin share access";
pcre:"/(\\ADMIN\$)|(\\C\$)/i"; sid:1000200; rev:001; classtype:misc-activity;)