diff --git a/rules/windows/process_creation/proc_creation_win_lolbin_agentexecutor.yml b/rules/windows/process_creation/proc_creation_win_lolbin_agentexecutor.yml
index 8851dfc95..0cf6c58aa 100644
--- a/rules/windows/process_creation/proc_creation_win_lolbin_agentexecutor.yml
+++ b/rules/windows/process_creation/proc_creation_win_lolbin_agentexecutor.yml
@@ -15,15 +15,14 @@ logsource:
     category: process_creation
     product: windows
 detection:
-    selection1:
+    selection:
         Image: 'AgentExecutor.exe'
-    selection2:
         CommandLine|contains: '-powershell'
     filter:
         CommandLine|contains:
             - ' C:\Windows\SysWOW64\WindowsPowerShell\'
             - ' C:\Windows\System32\WindowsPowerShell\'
-    condition: selection1 and selection2 and not filter
+    condition: selection and not filter
 falsepositives:
     - Unknown
 level: medium
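Review bot: The merged `selection` still matches `Image` with a plain value, `Image: 'AgentExecutor.exe'`, which in Sigma is an exact (whole-field) comparison; process_creation `Image` is normally the full path, so this selection is unlikely to fire unless the backend normalizes the field. The conventional form is `Image|endswith: '\AgentExecutor.exe'`, and pairing it with `OriginalFileName: 'AgentExecutor.exe'` would keep the rule working if the binary is copied under another name. Separately, the `filter` only checks that a trusted PowerShell path substring appears somewhere in the command line, so a command that points `-powershell` at a different binary but also carries one of those strings in another argument would be suppressed; consider tightening the filter or noting this limitation in `falsepositives` instead of leaving it as `Unknown`.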