diff --git a/rules/apt/crime_fireball.yml b/rules/apt/crime_fireball.yml
index e380be143..4be1055af 100644
--- a/rules/apt/crime_fireball.yml
+++ b/rules/apt/crime_fireball.yml
@@ -1,6 +1,6 @@
-title: Detects Fireball - archer.dll
+title: Detects Fireball - Archer Install
 status: experimental
-description: Detects suspicious Rundll32 execution
+description: Detects Archer malware invocation via rundll32
 author: Florian Roth
 date: 2017/06/03
 reference:
@@ -13,7 +13,7 @@ detection:
     selection:
         EventID: 1
         CommandLine: '*\rundll32.exe *,InstallArcherSvc'
-    condition: selection and not filter
+    condition: selection
 falsepositives:
     - Unknown
 level: high
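Review bot: The new `condition: selection` correctly drops the reference to a `filter` block that the visible rule never defines, but the sole selector `CommandLine: '*\rundll32.exe *,InstallArcherSvc'` has no trailing wildcard and requires a literal space directly after `rundll32.exe`, so an invocation with a quoted image path (`"...\rundll32.exe" archer.dll,InstallArcherSvc`) or with any argument after the export name would presumably not match; `CommandLine: '*\rundll32.exe*,InstallArcherSvc*'` would cover both while still keying on the export name. The updated description states what is detected but not why it is considered malicious; something like `description: Detects installation of the Fireball Archer component via rundll32 calling the InstallArcherSvc export` would give an analyst the triage context. Given that `level: high` rests on the specificity of the `InstallArcherSvc` export, `falsepositives: - Unknown` could say so explicitly rather than leaving the tuning rationale implicit. The `logsource` block that `EventID: 1` depends on lies outside this hunk.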