diff --git a/rules/windows/process_creation/proc_creation_win_vul_java_remote_debugging.yml b/rules/windows/process_creation/proc_creation_win_vul_java_remote_debugging.yml
index aacaaae88..fb22b7b7d 100644
--- a/rules/windows/process_creation/proc_creation_win_vul_java_remote_debugging.yml
+++ b/rules/windows/process_creation/proc_creation_win_vul_java_remote_debugging.yml
@@ -3,18 +3,24 @@ id: 8f88e3f6-2a49-48f5-a5c4-2f7eedf78710
 status: test
 description: Detects a JAVA process running with remote debugging allowing more than just localhost to connect
 author: Florian Roth
+references:
+    - https://dzone.com/articles/remote-debugging-java-applications-with-jdwp
 date: 2019/01/16
 modified: 2021/11/27
 logsource:
     category: process_creation
     product: windows
 detection:
-    selection:
+    selection_jdwp_transport:
         CommandLine|contains: 'transport=dt_socket,address='
+    selection_old_jvm_version:
+        CommandLine|contains:
+            - jre1.
+            - jdk1.
     exclusion:
         - CommandLine|contains: 'address=127.0.0.1'
         - CommandLine|contains: 'address=localhost'
-    condition: selection and not exclusion
+    condition: all of selection* and not exclusion
 fields:
     - CommandLine
     - ParentCommandLine
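Review bot: The new `selection_old_jvm_version` block, ANDed in by `condition: all of selection* and not exclusion`, silently drops JDK 9+ processes whose install path is `jdk-11…`/`jdk-17…` rather than `jdk1.`/`jre1.`, even though such a JVM started with `address=*:<port>` listens on every interface exactly as the description warns; the path-based version filter is presumably meant to capture the pre-9 all-interfaces default, but it should not also gate the explicit form. A version-independent selection such as `selection_explicit_any_interface:` with `CommandLine|contains: 'address=*:'`, and a condition of `selection_jdwp_transport and (selection_old_jvm_version or selection_explicit_any_interface) and not exclusion`, keeps the false-positive reduction without losing that case. The description line in the hunk still claims to detect any JVM with non-localhost remote debugging and should state the old-JVM/explicit-wildcard scope. `modified: 2021/11/27` is left as context although the detection logic changes here; Sigma convention expects the modified date to be bumped with the logic. The rule's `title` line precedes the hunk and is not visible here.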