diff --git a/rules/windows/process_creation/win_wmi_spwns_powershell.yml b/rules/windows/process_creation/win_wmi_spwns_powershell.yml
index aac1b339..d2a20350 100644
--- a/rules/windows/process_creation/win_wmi_spwns_powershell.yml
+++ b/rules/windows/process_creation/win_wmi_spwns_powershell.yml
@@ -19,7 +19,7 @@ detection:
 - '*\wmiprvse.exe'
 Image:
 - '*\powershell.exe'
- condition: selection and not filter
+ condition: selection
 falsepositives:
 - AppvClient
 - CCM
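Review bot: Dropping `and not filter` from `condition` leaves nothing excluding the sources this rule lists under `falsepositives` (AppvClient, CCM), so every wmiprvse.exe-to-powershell.exe launch from them will now alert. The `detection` block starts above the hunk, so I cannot see whether a `filter` selection is defined there. If one is, it is now unused and should either be deleted or stay in the condition; if none ever existed, this change correctly fixes a dangling reference. Either way, a comment above the condition would help triage, for example `# no exclusions: AppvClient and CCM activity matches this rule, tune per environment`. The rule's `level` (outside the hunk) is also worth re-checking against the expected alert volume.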