diff --git a/rules/windows/file_event/win_susp_multiple_files_renamed_or_deleted.yml b/rules/windows/file_event/win_susp_multiple_files_renamed_or_deleted.yml
index 5670c4c31..488512208 100644
--- a/rules/windows/file_event/win_susp_multiple_files_renamed_or_deleted.yml
+++ b/rules/windows/file_event/win_susp_multiple_files_renamed_or_deleted.yml
@@ -22,6 +22,6 @@ detection:
 timeframe: 30s
 condition: selection | count() by SubjectLogonId > 10
 falsepositives:
- - software uninstallation
- - files restore activities
+ - Software uninstallation
+ - Files restore activities
 level: high