diff --git a/rules/windows/registry/registry_set/registry_set_dot_net_etw_tamper.yml b/rules/windows/registry/registry_set/registry_set_dot_net_etw_tamper.yml
index 4e888c2de..3a670b85e 100644
--- a/rules/windows/registry/registry_set/registry_set_dot_net_etw_tamper.yml
+++ b/rules/windows/registry/registry_set/registry_set_dot_net_etw_tamper.yml
@@ -38,7 +38,7 @@ detection:
 - '\COMPlus_ETWEnabled'
 - '\COMPlus_ETWFlags'
 Details: 0
- condition: selection
+ condition: 1 of selection_*
 falsepositives:
 - Unknown
 level: high
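Review bot: The `Details: 0` context line directly above the corrected condition is a bare exact-match value, so this selection presumably fires only when the `COMPlus_ETW*` value is written as the string `0`. If the log source renders DWORD writes in the Sysmon style, a DWORD zero would not match. Consider listing both forms, `Details:` with items `- 0` and `- 'DWORD (0x00000000)'`, and add a short comment saying which registry type each item covers. Separately, `1 of selection_*` ORs every key that starts with `selection_`, so a comment next to the condition should state that the prefix is reserved for positive matches and that exclusions must use a different prefix such as `filter_`. The `detection:` block starts outside this hunk, so the selection names could not be checked here.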