diff --git a/rules/windows/builtin/win_metasploit_or_impacket_smb_psexec_service_install.yml b/rules/windows/builtin/win_metasploit_or_impacket_smb_psexec_service_install.yml
index 7bdc7ccce..833a13490 100644
--- a/rules/windows/builtin/win_metasploit_or_impacket_smb_psexec_service_install.yml
+++ b/rules/windows/builtin/win_metasploit_or_impacket_smb_psexec_service_install.yml
@@ -27,7 +27,7 @@ fields:
     - ServiceFileName
 falsepositives:
     - Highly unlikely
-level: critical
+level: high
 ---
 logsource:
     product: windows