diff --git a/rules/windows/process_creation/proc_creation_win_susp_gpresult.yml b/rules/windows/process_creation/proc_creation_win_susp_gpresult.yml
index 06417c333..98e0649ec 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_gpresult.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_gpresult.yml
@@ -14,8 +14,7 @@ logsource:
 category: process_creation
 detection:
 selection:
- Image|endswith:
- - '\gpresult.exe'
+ Image|endswith: '\gpresult.exe'
 CommandLine|contains:
 - '/z'
 - '/v'
@@ -25,4 +24,4 @@ falsepositives:
 level: medium
 tags:
 - attack.discovery
- attack.t1615
\ No newline at end of file
+ - attack.t1615
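Review bot: The selection in the first hunk still identifies the tool only by `Image|endswith: '\gpresult.exe'`, so a copy of the binary executed under a different file name would not match. Where the log source carries PE metadata, consider an alternative selection on the `OriginalFileName` field, with the value confirmed against the binary's version resource. The `CommandLine|contains` values `/z` and `/v` cover only the slash form, so confirm whether gpresult also accepts dash-prefixed switches and add them if it does. Both are short substrings that can also occur inside unrelated arguments, which is worth noting under `falsepositives`. The rest of the rule (title, description, false-positive list) lies outside the hunk.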