diff --git a/rules/windows/builtin/application/win_msi_install_from_susp_locations.yml b/rules/windows/builtin/application/win_msi_install_from_susp_locations.yml
index f9735db0a..b871e1c10 100644
--- a/rules/windows/builtin/application/win_msi_install_from_susp_locations.yml
+++ b/rules/windows/builtin/application/win_msi_install_from_susp_locations.yml
@@ -6,7 +6,7 @@ author: Nasreddine Bencherchali
 references:
 - https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html
 date: 2022/08/31
-modified: 2022/10/12
+modified: 2022/10/18
 logsource:
 product: windows
 service: application
@@ -22,7 +22,7 @@ detection:
 - '\Users\Public\'
 - '\PerfLogs\'
 - '\Desktop\'
-- '\Downloads\'
+# - '\Downloads\' # too many FPs, typical legitimate staging directory
 # - '\AppData\Local\Temp\' # too many FPs
 - 'C:\Windows\TEMP\'
 - '\\\\'
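Review bot: Commenting out `'\Downloads\'` in the second hunk silently drops coverage for the directory where user-fetched MSI droppers most commonly land, while `'\Desktop\'` — a staging location with a comparable legitimate-use profile — stays active, so the noise trade-off looks inconsistent across the list. If the path is removed for false positives, the rule's `falsepositives` and `level` metadata (outside this hunk) should state that the Downloads case is now out of scope, or the path could be kept and the noise handled with a `filter` selection on known-good installer names rather than deletion. The comment on the added line could also record the evidence behind the decision, e.g. `# - '\Downloads\' # too many FPs (legitimate user installs from browser downloads); see falsepositives`. The `detection` selection this list belongs to starts before this hunk, so the key it is matched against is not visible here.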