diff --git a/rules/windows/process_creation/win_mshta_spawn_shell.yml b/rules/windows/process_creation/win_mshta_spawn_shell.yml
index 287fc34b..37f72ce9 100644
--- a/rules/windows/process_creation/win_mshta_spawn_shell.yml
+++ b/rules/windows/process_creation/win_mshta_spawn_shell.yml
@@ -30,4 +30,5 @@ tags:
     - attack.t1170
 falsepositives:
     - Printer software / driver installations
+    - HP software
 level: high