diff --git a/rules/windows/process_creation/win_susp_replace_lolbin.yml b/rules/windows/process_creation/win_susp_replace_lolbin.yml
index 9dbdb1e21..d530fec79 100644
--- a/rules/windows/process_creation/win_susp_replace_lolbin.yml
+++ b/rules/windows/process_creation/win_susp_replace_lolbin.yml
@@ -1,6 +1,6 @@
 title: Ingress Tool Transfer Using Replace.exe
 id: 6ccf0c00-1061-4195-a724-6d9c0058b036
-description: Detect Download operations using Replace.exe.
+description: Detect Copy and Download operations using Replace.exe.
 status: experimental
 references:
 - https://lolbas-project.github.io/lolbas/Binaries/Replace
@@ -16,10 +16,10 @@ detection:
 selection:
 Image|endswith:
 - '\replace.exe'
- CommandLine|contains|all:
+ CommandLine|contains:
 - "\\\\\\\\"
 - "/A"
 condition: selection
 falsepositives:
- - Legitimate use of the binary to download files from a share
+ - Legitimate use of the binary
 level: low
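Review bot: Dropping `|all` on `CommandLine|contains` turns the two list items into alternatives, so the rule now fires on any replace.exe command line that merely contains the bare substring `/A` or a double backslash, including purely local `/A` copies and any argument that happens to embed `/A` (Sigma string matching is unanchored and, by default, case-insensitive). If the intent is to cover local copies as well as share downloads, anchoring the switch with a leading space, `- ' /A'`, cuts the accidental substring hits while still matching the real switch form. The `title` in the first hunk, `Ingress Tool Transfer Using Replace.exe`, no longer describes the local-copy case the new description adds, and should be widened to match; any ATT&CK tags on the rule are outside these hunks and may need the same adjustment. The new falsepositives entry `Legitimate use of the binary` is so generic that it gives an analyst nothing to triage against; naming the benign case, e.g. `- Legitimate use of the binary to add or update files, including from network shares`, would be more useful at the `level: low` this rule keeps.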