diff --git a/rules/windows/process_creation/proc_creation_win_susp_execution_path.yml b/rules/windows/process_creation/proc_creation_win_susp_execution_path.yml
index 0581a29be..354ef0877 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_execution_path.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_execution_path.yml
@@ -39,7 +39,7 @@ detection:
 - '\Windows\Tasks\'
 - Image|startswith: 'C:\Perflogs\'
 false_positive:
- - Image|startswith: 'C:\Users\Public\IBM\ClientSolutions\Start_Programs\'
+ Image|startswith: 'C:\Users\Public\IBM\ClientSolutions\Start_Programs\'
 condition: selection and not false_positive
 fields:
 - CommandLine
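Review bot: The `false_positive` filter on the new line exempts every process whose image sits anywhere under `C:\Users\Public\IBM\ClientSolutions\Start_Programs\`, and `C:\Users\Public\` is a user-writable location, so the exemption is broader than the one vendor it is meant to cover; a path prefix alone is a weak allowlist key for a rule whose whole purpose is to flag execution from unusual paths. Consider narrowing the filter with the vendor's actual executable name (`Image|endswith: '\<vendor-binary>.exe'` as a placeholder for the real name) or an `OriginalFileName` match, so a binary that merely lands in that folder is not silently excluded, and add a one-line comment above `false_positive:` stating which product the exemption covers. The change itself only converts a one-element list into a plain map, which is semantically identical in Sigma, so nothing in the match logic regresses; indentation cannot be confirmed from the collapsed diff. The `selection` block of `detection:` begins before the hunk and is not visible here.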