diff --git a/rules/windows/builtin/win_susp_msmpeng_crash.yml b/rules/windows/builtin/win_susp_msmpeng_crash.yml
index 34d7dd126..705d66002 100644
--- a/rules/windows/builtin/win_susp_msmpeng_crash.yml
+++ b/rules/windows/builtin/win_susp_msmpeng_crash.yml
@@ -20,7 +20,7 @@ detection:
 - 'MsMpEng.exe'
 keyword2:
 - 'mpengine.dll'
- condition: selection1 or selection2 and keyword1 and keyword2
+ condition: (selection1 or selection2) and keyword1 and keyword2
 falsepositives:
 - Unknown
 level: high
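Review bot: `falsepositives` still lists only `Unknown` while the rule stays at `level: high`, even though the corrected condition alerts on any selected event that names both `MsMpEng.exe` and `mpengine.dll`, which presumably includes crashes from ordinary engine or definition-update faults. I would document that for triage, for example `- MsMpEng.exe crashes caused by engine or definition update bugs`. The selections and the rule header lie outside the hunk, so whether the header carries a `modified:` date is not visible; if it does, this change should bump it. Under the old precedence `selection1` could match on its own, so alert volume changes and consumers need a way to tell the two versions apart.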