diff --git a/rules/windows/process_access/proc_access_win_lsass_memdump.yml b/rules/windows/process_access/proc_access_win_lsass_memdump.yml
index 0f40dfaf8..a0363331b 100755
--- a/rules/windows/process_access/proc_access_win_lsass_memdump.yml
+++ b/rules/windows/process_access/proc_access_win_lsass_memdump.yml
@@ -4,7 +4,7 @@ status: experimental
 description: Detects process LSASS memory dump using Mimikatz, NanoDump, Invoke-Mimikatz, Procdump or Taskmgr based on the CallTrace pointing to ntdll.dll, dbghelp.dll or dbgcore.dll for win10, server2016 and up.
 author: Samir Bousseaden, Michael Haag
 date: 2019/04/03
-modified: 2022/02/05
+modified: 2022/03/20
 references:
     - https://blog.menasec.net/2019/02/threat-hunting-21-procdump-or-taskmgr.html
     - https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for_22.html
@@ -25,7 +25,7 @@ detection:
             #- '0x01000'  # Too many false positives
             #- '0x1010'   # Too many false positives
             - '0x1038'
-            - '0x40'
+            # - '0x40'   # Too many false positives
             #- '0x1400'  # Too many false positives
             # - '0x1410' # Too many false positives 
             - '0x1438'