diff --git a/rules/windows/network_connection/net_connection_win_wuauclt_network_connection.yml b/rules/windows/network_connection/net_connection_win_wuauclt_network_connection.yml
index 2ac32898b..d0694ab32 100644
--- a/rules/windows/network_connection/net_connection_win_wuauclt_network_connection.yml
+++ b/rules/windows/network_connection/net_connection_win_wuauclt_network_connection.yml
@@ -23,7 +23,7 @@ detection:
 DestinationIp|startswith: '51.10' # Microsoft Range
 filter_cmdline:
 CommandLine|contains: '\UpdateDeploy.dll /ClassId '
- condition: selection
+ condition: selection and not 1 of filter*
 falsepositives:
 - Legitimate use of wuauclt.exe over the network.
 level: medium
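Review bot: With `not 1 of filter*` the filter blocks become live exclusions, so their breadth now decides what the rule stays silent on: `DestinationIp|startswith: '51.10'` is a string prefix that also covers 51.100.x.x through 51.109.x.x, and `filter_cmdline` is a substring match on a value the launching process controls. If only 51.10.0.0/16 is intended, `DestinationIp|cidr: '51.10.0.0/16'` would be tighter, and the command-line filter would be safer anchored to the expected full path of the DLL rather than any path ending in `\UpdateDeploy.dll`. Because the rule sits under network_connection, it is also worth confirming that CommandLine is populated for that log source; if it is not, `filter_cmdline` never matches and the legitimate update traffic keeps alerting. The filter definitions start outside this hunk, so the remaining ranges should be checked the same way.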