diff --git a/rules/windows/powershell/powershell_script/posh_ps_malicious_commandlets.yml b/rules/windows/powershell/powershell_script/posh_ps_malicious_commandlets.yml
index ed50e7d63..8b9738bfa 100644
--- a/rules/windows/powershell/powershell_script/posh_ps_malicious_commandlets.yml
+++ b/rules/windows/powershell/powershell_script/posh_ps_malicious_commandlets.yml
@@ -7,7 +7,7 @@ references:
     - https://adsecurity.org/?p=2921
     - https://github.com/S3cur3Th1sSh1t/PowerSharpPack/tree/master/PowerSharpBinaries
 date: 2017/03/05
-modified: 2022/05/26
+modified: 2022/06/07
 logsource:
     product: windows
     category: ps_script
@@ -187,7 +187,7 @@ detection:
     false_positive1:
         ScriptBlockText|contains:
             - Get-SystemDriveInfo  # http://bheltborg.dk/Windows/WinSxS/amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_10.0.10240.16384_none_91ef7543a4514b5e/CL_Utility.ps1
-            - C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Scripts\Set-Wallpaper.ps1  # false positive form Amazon EC2
+            - C:\ProgramData\Amazon\EC2-Windows\Launch\Module\  # false positive form Amazon EC2
     false_positive2:
         ScriptBlockText|startswith: '# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved'
     condition: select_Malicious and not 1 of false_positive*