diff --git a/rules/windows/process_creation/win_susp_diskshadow.yml b/rules/windows/process_creation/win_susp_diskshadow.yml
index 365c5a9e4..8ba8426a8 100644
--- a/rules/windows/process_creation/win_susp_diskshadow.yml
+++ b/rules/windows/process_creation/win_susp_diskshadow.yml
@@ -4,7 +4,7 @@ status: experimental
 description: Detects using Diskshadow.exe to execute arbitrary code in text file
 references:
 - https://bohops.com/2018/03/26/diskshadow-the-return-of-vss-evasion-persistence-and-active-directory-database-extraction/
-tags:
+#tags:
 # - attack.execution
 # - attack.t1218
 author: Ivan Dyachkov, oscd.community
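Review bot: With `#tags:` and both entries commented out, the rule carries no ATT&CK tags at all, so it is likely to drop out of any coverage mapping or tag-based rule selection built on this repository. Commenting out the bare key does avoid a null `tags:` value, but nothing records why the mapping is disabled; a line such as `# tags disabled pending ATT&CK mapping review` above `#tags:` would make that clear. If the mapping is only awaiting correction, restoring live tags would be better: T1218 is listed under Defense Evasion in current ATT&CK, so `- attack.defense_evasion` with `- attack.t1218` may be the intended pair, to be confirmed against the ATT&CK version the project targets. The rest of the rule, including its detection section, lies outside this hunk.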