diff --git a/rules/windows/image_load/image_load_susp_cmstp.yml b/rules/windows/image_load/image_load_susp_cmstp.yml
index 472bed24a..6c5dea61b 100644
--- a/rules/windows/image_load/image_load_susp_cmstp.yml
+++ b/rules/windows/image_load/image_load_susp_cmstp.yml
@@ -20,8 +20,7 @@ detection:
 ImageLoaded|endswith:
 - '.dll'
 - '.ocx'
- Image|endswith:
- - '\cmstp.exe'
+ Image|endswith: '\cmstp.exe'
 condition: selection
 falsepositives:
 - Unikely
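Review bot: The `falsepositives` entry in the trailing context reads `Unikely`, a misspelling this cleanup leaves in place; since the commit is already normalising the rule, correct it to `- Unlikely`. The collapsed `Image|endswith: '\cmstp.exe'` matches on the process file name only, so coverage depends on the binary keeping that name. A one-line comment above it, such as `# matches by file name only; correlate with process-creation telemetry for cmstp.exe`, would make that limit visible to analysts triaging the alert. The selection begins above the hunk, so any path filter on `ImageLoaded` is not visible here and should be checked before judging how noisy the `.dll`/`.ocx` suffix match is.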