diff --git a/atomics/T1490/T1490.yaml b/atomics/T1490/T1490.yaml
index 8703ff18..eb82199d 100644
--- a/atomics/T1490/T1490.yaml
+++ b/atomics/T1490/T1490.yaml
@@ -29,12 +29,16 @@ atomic_tests:
 auto_generated_guid: 6a3ff8dd-f49c-4272-a658-11c2fe58bd88
 description: |
 Deletes Windows Volume Shadow Copies via WMI. This technique is used by numerous ransomware families and APT malware such as Olympic Destroyer.
+ supported_platforms:
+ - windows
+ dependency_executor_name: powershell
+ dependencies:
+ - description: |
+ Create volume shadow copy of C:\ .
 prereq_command: |
 if(!(vssadmin.exe list shadows | findstr "No items found that satisfy the query.")) { exit 0 } else { exit 1 }
 get_prereq_command: |
 wmic shadowcopy call create Volume='C:\'
- supported_platforms:
- - windows
 executor:
 command: |
 wmic.exe shadowcopy delete
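Review bot: The dependency block this hunk introduces hinges on a prereq_command whose findstr pattern is unreliable: without `/C:`, findstr treats each space-separated word of `"No items found that satisfy the query."` as a separate search term, so a listing that does contain shadow copies (whose attribute lines include text such as "No auto release") still matches, the check exits 1, and get_prereq_command creates yet another shadow copy on every run. The line should read `if(!(vssadmin.exe list shadows | findstr /C:"No items found that satisfy the query.")) { exit 0 } else { exit 1 }` so the whole phrase is matched literally. The check also assumes an English-localized vssadmin message; on other locales it will report "no shadows" even when some exist, which is worth a comment on the dependency description. The executor's remaining keys (for example whether elevation_required is set) lie outside this hunk, so I cannot confirm them here.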