diff --git a/rules/windows/sysmon/sysmon_susp_tscon_rdp_redirect.yml b/rules/windows/sysmon/sysmon_susp_tscon_rdp_redirect.yml
index 46d02cdf0..b173a5c85 100644
--- a/rules/windows/sysmon/sysmon_susp_tscon_rdp_redirect.yml
+++ b/rules/windows/sysmon/sysmon_susp_tscon_rdp_redirect.yml
@@ -10,7 +10,7 @@ author: Florian Roth
 date: 2018/03/17
 detection:
 selection:
- CommandLine: '*\tscon.exe * /dest:rdp-tcp:*'
+ CommandLine: '* /dest:rdp-tcp:*'
 condition: selection
 falsepositives:
 - Unknown
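Review bot: The new `CommandLine: '* /dest:rdp-tcp:*'` pattern no longer ties the match to tscon.exe, but nothing in the hunk records that this is deliberate, and `falsepositives` still reads `- Unknown`. Presumably the image name was dropped so that renamed copies of tscon.exe still trigger; if so, a comment above the selection such as `# image name deliberately not matched: renamed copies of tscon.exe must still trigger` would stop a later edit from narrowing it again. The rule now matches any process whose command line carries that argument, so the false-positive entry should say so, e.g. `- Other software that accepts a /dest:rdp-tcp: argument`. The rule's title and description lie outside the hunk and should be checked for wording that still implies a tscon.exe path match.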