diff --git a/rules/windows/registry_event/sysmon_uac_bypass_shell_open.yml b/rules/windows/registry_event/sysmon_uac_bypass_shell_open.yml
index 944695928..032e1146f 100644
--- a/rules/windows/registry_event/sysmon_uac_bypass_shell_open.yml
+++ b/rules/windows/registry_event/sysmon_uac_bypass_shell_open.yml
@@ -25,9 +25,9 @@ detection:
     TargetObject|endswith:
       - '_Classes\ms-settings\shell\open\command\(Default)'
       - '_Classes\exefile\shell\open\command\(Default)'
-  filter:
+  filter_sel3:
     Details: '(Empty)'
-  condition: selection1 or selection2 or (selection3 and not filter)
+  condition: selection1 or selection2 or (selection3 and not filter_sel3)
 falsepositives:
   - Unknown
 level: high