diff --git a/rules/windows/process_creation/win_susp_file_download_via_gfxdownloadwrapper.yml b/rules/windows/process_creation/win_susp_file_download_via_gfxdownloadwrapper.yml
index 4adaeef44..63ffa1398 100644
--- a/rules/windows/process_creation/win_susp_file_download_via_gfxdownloadwrapper.yml
+++ b/rules/windows/process_creation/win_susp_file_download_via_gfxdownloadwrapper.yml
@@ -15,7 +15,7 @@ detection:
 cmd_known_url:
 CommandLine|contains: 'gameplayapi.intel.com'
 same_parent:
- ParentProcessName|endswith: '\GfxDownloadWrapper.exe'
+ ParentImage|endswith: '\GfxDownloadWrapper.exe'
 condition: image_path and not cmd_known_url and not same_parent
 fields:
 - CommandLine
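Review bot: With the field corrected to `ParentImage`, the `same_parent` exclusion will presumably start matching on backends that never populated a `ParentProcessName` field, so its breadth now matters: `endswith: '\GfxDownloadWrapper.exe'` excludes a parent of that name from any directory, not only the Intel component's install location. If that component lives in a fixed path, anchoring the filter on it (e.g. `ParentImage|endswith: '\<intel-install-dir>\GfxDownloadWrapper.exe'`, directory to be confirmed) would keep the exclusion as narrow as the legitimate case. The neighbouring `cmd_known_url` filter is loose in the same way, since `CommandLine|contains: 'gameplayapi.intel.com'` also matches that text when it is only a prefix of a longer hostname; `CommandLine|contains: 'https://gameplayapi.intel.com/'` would be tighter. The `image_path` selection referenced by `condition` and the rule's `modified:` date are outside the hunk, so I could not check that the date was bumped for this behavioural change.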