diff --git a/rules/windows/process_creation/win_susp_psloglist.yml b/rules/windows/process_creation/win_susp_psloglist.yml
index c9da73f66..01fe56869 100644
--- a/rules/windows/process_creation/win_susp_psloglist.yml
+++ b/rules/windows/process_creation/win_susp_psloglist.yml
@@ -31,10 +31,11 @@ detection:
 - '/x'
 - '-s'
 - '/s'
- eventlog:
- CommandLine|contains:
- - 'security'
- condition: (1 of selection*) or (flags and eventlog)
+ other:
+ CommandLine|contains|all:
+ - 'security'
+ - 'accepteula'
+ condition: (1 of selection*) or (flags and other)
 falsepositives:
 - Another tool that uses the command line switches of PsLogList
 - Legitimate use of PsLogList by an administrator
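Review bot: The new `other` selection makes the `flags and other` branch fire only when the command line also carries `accepteula`, which narrows coverage as well as false positives: on a host where the Sysinternals EULA has already been accepted the flag is not needed, so a `-s`/`-x` run against the security log with no EULA switch is no longer matched by this branch. That trade-off should be stated in the rule, for example a description or falsepositives line such as `- PsLogList invocations without the -accepteula switch are only matched by the selection* blocks`. The selection name `other` is also uninformative; a name such as `cmdline_security_eula` would read better, but it must not start with `selection`, since `1 of selection*` would then pick it up and change the condition's logic. The `selection*` and `flags` blocks the condition refers to start above the hunk and are not visible here.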