diff --git a/rules/windows/process_creation/sysmon_always_install_elevated_msi_spawned_cmd_and_powershell.yml b/rules/windows/process_creation/sysmon_always_install_elevated_msi_spawned_cmd_and_powershell.yml
index d90dfdd02..56efab11b 100644
--- a/rules/windows/process_creation/sysmon_always_install_elevated_msi_spawned_cmd_and_powershell.yml
+++ b/rules/windows/process_creation/sysmon_always_install_elevated_msi_spawned_cmd_and_powershell.yml
@@ -23,9 +23,8 @@ detection:
 - 'msi'
 ParentImage|endswith:
 - 'tmp'
- condition: event_id and image and parent_image
+ condition: image and parent_image
 fields:
- - EventID
 - Image
 - ParentImage
 falsepositives:
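Review bot: With the `event_id` selection removed from the condition, nothing inside the `detection` block scopes the rule to a process-creation event any more, so the scoping now rests entirely on the `logsource` block, which lies above this hunk and is not visible here; it is worth confirming that block declares `category: process_creation` and `product: windows` so every backend still maps the rule to the intended event rather than to any record carrying `Image`/`ParentImage` fields. Since `EventID` also leaves `fields`, a short comment on the new condition line would save the next reader from re-adding it, e.g. `condition: image and parent_image  # event scoping is provided by logsource (process_creation), not by a selection`. The `detection` block begins outside the hunk, so the `image` and `parent_image` selections referenced by the new condition cannot be checked from here; the visible context line `ParentImage|endswith: - 'tmp'` matches any image name ending in the letters `tmp` rather than a `.tmp` extension, which is pre-existing but could be tightened to `'.tmp'` in a follow-up.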