diff --git a/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml b/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml
index 9f9710909..69dfbe117 100644
--- a/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml
+++ b/rules/windows/process_creation/win_susp_powershell_enc_cmd.yml
@@ -28,7 +28,7 @@ detection:
 - '-enc'
 selection4:
 - ' BA^J'
- - 'SUVYI'
+ - ' SUVYI'
 - ' aWV4I'
 - ' SQBFAFgA'
 - ' aQBlAHgA'
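Review bot: The `selection4` values, including the corrected `' SUVYI'`, are opaque base64 fragments with no comment saying what they decode to or why each starts with a space. A comment above the list would make the rule reviewable, for example `# base64 prefixes of 'IEX ' / 'iex ' (ASCII) and 'IEX' / 'iex' (UTF-16LE); the leading space anchors the match to the start of an argument`. Since the anchor is a literal space, it is worth confirming with test command lines that the intended encoded-command forms still match after this change. The field modifiers and `condition` for `selection4` are outside the hunk, so the effective match semantics cannot be checked from here.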