diff --git a/rules/windows/process_creation/proc_creation_win_renamed_procdump.yml b/rules/windows/process_creation/proc_creation_win_renamed_procdump.yml
index 9469558c6..5e1b13880 100644
--- a/rules/windows/process_creation/proc_creation_win_renamed_procdump.yml
+++ b/rules/windows/process_creation/proc_creation_win_renamed_procdump.yml
@@ -31,7 +31,7 @@ detection:
 Image|endswith:
 - '\procdump.exe'
 - '\procdump64.exe'
- condition: (original_file_name or all of selection_*) and not filter
+ condition: original_file_name or all of selection_* and not filter
 falsepositives:
 - Procdump illegaly bundled with legitimate software
 - Weird admins who renamed binaries (and should be investigated)
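Review bot: Dropping the parentheses changes which events the `filter` applies to, because in Sigma condition grammar `and` binds tighter than `or`, so the new line parses as `original_file_name or (all of selection_* and not filter)`. The `filter` selection visible just above excludes images ending in `\procdump.exe` / `\procdump64.exe`, and with the new condition that exclusion no longer applies to the `original_file_name` branch, so a legitimately named ProcDump would match on its original file name alone and the rule would stop detecting only renamed copies. If the intent is still to require the filter on both branches, the old grouping should be kept: `condition: (original_file_name or all of selection_*) and not filter`; if dropping the filter for the original-file-name branch is deliberate, a short comment on the condition line explaining why is warranted. The `original_file_name` selection itself is outside this hunk, so whether it carries its own image exclusion cannot be confirmed from here.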