diff --git a/rules/windows/image_load/image_load_alternate_powershell_hosts_moduleload.yml b/rules/windows/image_load/image_load_alternate_powershell_hosts_moduleload.yml
index e1d86aaf6..ddd6e5490 100644
--- a/rules/windows/image_load/image_load_alternate_powershell_hosts_moduleload.yml
+++ b/rules/windows/image_load/image_load_alternate_powershell_hosts_moduleload.yml
@@ -29,4 +29,4 @@ detection:
 condition: selection and not filter
 falsepositives:
 - Unknown
-level: medium
+level: low
\ No newline at end of file
diff --git a/rules/windows/process_creation/proc_creation_win_susp_commandline_chars.yml b/rules/windows/process_creation/proc_creation_win_susp_commandline_chars.yml
index 9eb91a162..25e5f8a94 100644
--- a/rules/windows/process_creation/proc_creation_win_susp_commandline_chars.yml
+++ b/rules/windows/process_creation/proc_creation_win_susp_commandline_chars.yml
@@ -1,9 +1,9 @@
 title: Suspicious Characters in CommandLine
 id: 2c0d2d7b-30d6-4d14-9751-7b9113042ab9
 status: experimental
-description: Detects suspicious characters in the command line, which could be a sign of obfuscation
+description: Detects suspicious Unicode characters in the command line, which could be a sign of obfuscation or defense evasion
 date: 2022/04/27
-author: 'Florian Roth'
+author: Florian Roth
 references:
 - https://www.wietzebeukema.nl/blog/windows-command-line-obfuscation
 logsource:
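Review bot: The `\ No newline at end of file` marker appears only after `+level: low`, so the new side of image_load_alternate_powershell_hosts_moduleload.yml loses the file's trailing newline; end the file with a newline so yamllint's `new-line-at-end-of-file` check and line-oriented tooling (grep, diff, sigma validators) stay clean. The rule is also downgraded from `medium` to `low` while `falsepositives` still reads `- Unknown`, which leaves no record of why the severity dropped; if the downgrade reflects observed benign hits, name those sources under `falsepositives` instead of leaving `Unknown`. The `selection` and `filter` definitions are outside the hunk, so I cannot tell from here what drives the noise.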
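Review bot: The description of proc_creation_win_susp_commandline_chars.yml is rewritten but `date: 2022/04/27` is unchanged and no `modified:` line follows it, so the rule carries no record of this revision; Sigma rules conventionally add `modified: YYYY/MM/DD` directly after `date` whenever a field changes. The new wording narrows the scope from "suspicious characters" to "suspicious Unicode characters", which should match what the `detection` block actually lists — that block is outside the hunk, so if the selection also covers non-Unicode tricks from the referenced blog the original wording was the more accurate one. Dropping the quotes around `author` is fine, since `Florian Roth` contains no YAML indicators and parses as the same plain string.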