diff --git a/rules/windows/process_creation/win_mavinject_proc_inj.yml b/rules/windows/process_creation/win_mavinject_proc_inj.yml
index 5fc53cdde..f99d8cfb9 100644
--- a/rules/windows/process_creation/win_mavinject_proc_inj.yml
+++ b/rules/windows/process_creation/win_mavinject_proc_inj.yml
@@ -18,7 +18,7 @@ logsource:
 product: windows
 detection:
 selection:
- CommandLine: '* /INJECTRUNNING *'
+ CommandLine|contains: ' /INJECTRUNNING '
 condition: selection
 falsepositives:
 - unknown
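Review bot: The new `CommandLine|contains: ' /INJECTRUNNING '` still requires a literal space on each side of the switch, so the match depends on exactly how the logged command line is delimited. This is the only field in `selection`, so nothing else catches an event that this string test misses. If the false-positive rate allows, consider `CommandLine|contains: '/INJECTRUNNING'`; otherwise record the intent with a comment above the line, for example `# spaces kept deliberately: match the switch only as a standalone argument`. The `falsepositives` entry is still `unknown`, so whichever form is chosen should be checked against real process-creation telemetry before relying on it.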