diff --git a/rules/windows/process_creation/win_apt_unidentified_nov_18.yml b/rules/windows/process_creation/win_apt_unidentified_nov_18.yml
index bf68521d0..20e60b324 100644
--- a/rules/windows/process_creation/win_apt_unidentified_nov_18.yml
+++ b/rules/windows/process_creation/win_apt_unidentified_nov_18.yml
@@ -31,6 +31,5 @@ logsource:
 category: file_event
 detection:
 selection2:
- EventID: 11
 TargetFilename|contains:
 - 'ds7002.lnk'