diff --git a/rules/windows/builtin/security/win_security_sysmon_channel_reference_deletion.yml b/rules/windows/builtin/security/win_security_sysmon_channel_reference_deletion.yml
index a1b3ecb97..7ce6334c6 100644
--- a/rules/windows/builtin/security/win_security_sysmon_channel_reference_deletion.yml
+++ b/rules/windows/builtin/security/win_security_sysmon_channel_reference_deletion.yml
@@ -9,7 +9,7 @@ references:
 - https://gist.github.com/Cyb3rWard0g/cf08c38c61f7e46e8404b38201ca01c8
 author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research)
 date: 2020-07-14
-modified: 2022-10-05
+modified: 2025-10-22
 tags:
 - attack.defense-evasion
 - attack.t1112
@@ -29,7 +29,7 @@ detection:
 ObjectName|contains:
 - 'WINEVT\Publishers\{5770385f-c22a-43e0-bf4c-06f5698ffbd9}'
 - 'WINEVT\Channels\Microsoft-Windows-Sysmon/Operational'
- AccessMask: 0x10000
+ AccessMask: '0x10000'
 condition: 1 of selection*
 falsepositives:
 - Unknown
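Review bot: The new `AccessMask: '0x10000'` line carries no comment saying why the quotes matter, so a later reformat, linter or well-meaning cleanup can drop them and silently reintroduce the mismatch this commit fixes. A YAML 1.1-style loader such as PyYAML reads the bare `0x10000` as the integer 65536, while the Security 4663 event presumably carries AccessMask as a hex string, so only the quoted form compares textually against the logged value; the enclosing selection block starts above the hunk, so its name is not visible here. I would write the line as `AccessMask: '0x10000'  # keep quoted: bare 0x10000 loads as the integer 65536, the event field is a hex string`. If other 4663-based rules in the repository still match AccessMask with an unquoted hex literal, they likely need the same treatment, but that is outside this diff.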