diff --git a/rules/windows/sysmon/sysmon_powershell_AMSI_bypass.yml b/rules/windows/sysmon/sysmon_powershell_AMSI_bypass.yml
deleted file mode 100644
index 9803e1b0c..000000000
--- a/rules/windows/sysmon/sysmon_powershell_AMSI_bypass.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-title: Powershell AMSI Bypass via .NET Reflection  
-status: experimental
-description: Detects Request to amsiInitFailed that can be used to disable AMSI Scanning
-references:
-    - https://twitter.com/mattifestation/status/735261176745988096
-    - https://www.hybrid-analysis.com/sample/0ced17419e01663a0cd836c9c2eb925e3031ffb5b18ccf35f4dea5d586d0203e?environmentId=120
-author: Markus Neis
-date: 2018/08/17
-logsource:
-    product: windows
-    service: sysmon
-detection:
-    selection1:
-        EventID: 1
-        CommandLine:
-            - '*System.Management.Automation.AmsiUtils*'
-    selection2:
-        CommandLine:
-            - '*amsiInitFailed*'            
-    condition: selection1 and selection2
-    falsepositives:
-    - Potential Admin Activity 
-level: high
-