diff --git a/rules/windows/process_creation/proc_creation_win_susp_parents.yml b/rules/windows/process_creation/proc_creation_win_susp_parents.yml
index 295a050e0..f9708c99e 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_parents.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_parents.yml
@@ -7,7 +7,7 @@ references:
 - https://svch0st.medium.com/stats-from-hunting-cobalt-strike-beacons-c17e56255f9b
 author: Florian Roth
 date: 2022/03/21
-modified: 2022/07/08
+modified: 2022/09/08
 logsource:
 category: process_creation
 product: windows
@@ -21,7 +21,7 @@ detection:
 ParentImage|endswith:
 - '\csrss.exe'
 - '\certutil.exe'
-- '\schtasks.exe'
+# - '\schtasks.exe'
 - '\eventvwr.exe'
 - '\calc.exe'
 - '\notepad.exe'
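Review bot: The second hunk comments out `'\schtasks.exe'` from the `ParentImage|endswith` list without recording why, so the rule silently loses coverage for children of schtasks.exe and a later maintainer cannot tell whether this was a false-positive fix or a temporary measure; presumably it was removed because scheduled-task launches are a common legitimate parent, but that is not stated anywhere in the change. Either delete the entry outright or keep the commented line with a rationale, e.g. `# - '\schtasks.exe'  # removed 2022/09/08: <reason / issue link placeholder>`, and consider carrying the exclusion as an explicit `filter` selection on the child image instead of dropping the parent entirely, which would preserve detection of unusual schtasks.exe children. The `description` and `falsepositives` fields that should reflect this narrowed scope lie outside the hunk, as does the `condition` that combines the selection. The first hunk's `modified` date bump is consistent with the change and needs nothing further.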