diff --git a/rules/windows/builtin/taskscheduler/win_taskscheduler_lolbin_execution_via_task_scheduler.yml b/rules/windows/builtin/taskscheduler/win_taskscheduler_lolbin_execution_via_task_scheduler.yml
index 8e5a8d8f9..f1ad6a8ba 100644
--- a/rules/windows/builtin/taskscheduler/win_taskscheduler_lolbin_execution_via_task_scheduler.yml
+++ b/rules/windows/builtin/taskscheduler/win_taskscheduler_lolbin_execution_via_task_scheduler.yml
@@ -29,7 +29,8 @@ detection:
 #filter_system:
 # Path|endswith: '\rundll32.exe'
 # TaskName|startswith: '\Microsoft\Windows\'
- condition: selection #and not 1 of filter_*
+ #condition: selection and not 1 of filter_*
+ condition: selection
 falsepositives:
 - False positives may occur with some of the selected binaries if you have tasks using them (which could be very common in your environment). Exclude all the specific trusted tasks before using this rule
 level: medium
diff --git a/rules/windows/process_creation/proc_creation_win_mshta_javascript.yml b/rules/windows/process_creation/proc_creation_win_mshta_javascript.yml
index 6e4cd4375..c04a0e71c 100644
--- a/rules/windows/process_creation/proc_creation_win_mshta_javascript.yml
+++ b/rules/windows/process_creation/proc_creation_win_mshta_javascript.yml
@@ -7,7 +7,7 @@ references:
 - https://github.com/redcanaryco/atomic-red-team/blob/f339e7da7d05f6057fdfcdd3742bfcf365fee2a9/atomics/T1218.005/T1218.005.md
 author: E.M. Anhaus (originally from Atomic Blue Detections, Endgame), oscd.community
 date: 2019/10/24
-modified: 2021/11/27
+modified: 2023/02/07
 tags:
 - attack.defense_evasion
 - attack.t1218.005
diff --git a/rules/windows/process_creation/proc_creation_win_mshta_lethalhta_technique.yml b/rules/windows/process_creation/proc_creation_win_mshta_lethalhta_technique.yml
index 061a088d1..42fffddbd 100644
--- a/rules/windows/process_creation/proc_creation_win_mshta_lethalhta_technique.yml
+++ b/rules/windows/process_creation/proc_creation_win_mshta_lethalhta_technique.yml
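Review bot: The new `condition: selection` line, together with the `#condition: selection and not 1 of filter_*` line added above it, leaves the `filter_system` block and its condition as commented-out text with no stated reason, so the next editor cannot tell whether the exclusion was dropped for being noisy, untested, or too broad. Either delete the dead filter or replace the commented condition with a why-comment such as `# filter_system and the 'and not 1 of filter_*' clause are intentionally disabled; tune the exclusion to your environment before enabling it`. A TaskName prefix is data the task creator controls, so an exclusion keyed only on `\Microsoft\Windows\` would be a weak filter if re-enabled as drafted and should be narrowed (for example by also constraining the task's author or the full Path). The other two files in this commit bump `modified:`, while this rule's header is outside the hunk and does not appear to be touched here, which looks inconsistent with the repository's convention. The `detection:` block begins above the hunk.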
@@ -6,7 +6,7 @@ references:
 - https://codewhitesec.blogspot.com/2018/07/lethalhta.html
 author: Markus Neis
 date: 2018/06/07
-modified: 2021/11/27
+modified: 2023/02/07
 tags:
 - attack.defense_evasion
 - attack.t1218.005