diff --git a/rules/unsupported/sysmon_process_reimaging.yml b/rules/unsupported/sysmon_process_reimaging.yml
deleted file mode 100644
index 16a422199..000000000
--- a/rules/unsupported/sysmon_process_reimaging.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-title: Defense evasion via process reimaging
-description: Detects process reimaging defense evasion technique, where
-# ImageFileName != OriginalFileName
-# ProcessGuid = ParentProcessGuid
-# Image = TargetFileName
-# Image = ^.+\\$
-references:
- - https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/in-ntdll-i-trust-process-reimaging-and-endpoint-security-solution-bypass/
-tags:
- - attack.defense_evasion
-author: Alexey Balandin, oscd community
-status: experimental
-date: 2019/10/25
-logsource:
- product: windows
- service: sysmon
-detection:
- condition: all of them
- # Create Process Sysmon Event
- selection1:
- EventID: 1
- # Create File Sysmon Event
- selection2:
- EventID: 11
-fields:
- - Image
- - OriginalFileName
- - ProcessGuid
- - ParentProcessGuid
- - TargetFileName
-new_fields:
- - ImageFileName
-falsepositives:
- - unknown
-level: high