diff --git a/rules/windows/process_creation/win_susp_disable_raccine.yml b/rules/windows/process_creation/win_susp_disable_raccine.yml
index b93f381d3..15c00f7fb 100644
--- a/rules/windows/process_creation/win_susp_disable_raccine.yml
+++ b/rules/windows/process_creation/win_susp_disable_raccine.yml
@@ -9,6 +9,7 @@ tags:
 - attack.t1562.001
 author: Florian Roth
 date: 2021/01/21
+modified: 2021/07/14
 logsource:
 category: process_creation
 product: windows
@@ -16,7 +17,7 @@ detection:
 selection1:
 CommandLine|contains|all:
 - 'taskkill '
- - '/IM RaccineSettings.exe'
+ - 'RaccineSettings.exe'
 selection2:
 CommandLine|contains|all:
 - 'reg.exe'
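Review bot: The first term of selection1, `'taskkill '`, still ends in a space, so a command line that names the binary as `taskkill.exe` or by its full path does not satisfy `contains|all`, even though the second term was loosened to `'RaccineSettings.exe'`. Dropping the trailing space (`- 'taskkill'`) would close that gap and match how selection2 already uses `'reg.exe'`; adding `Image|endswith: '\taskkill.exe'` to the selection is another option if the log source populates the image path. The detection block continues past the end of the hunk, so the condition and any filters are not visible here and should be checked against the broader match. A one-line comment above the term explaining why the `/IM` prefix was removed would help the next maintainer avoid re-tightening it.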