diff --git a/rules/windows/sysmon/sysmon_notepad_network_connection.yml b/rules/windows/sysmon/sysmon_notepad_network_connection.yml
index beb6627cd..039d397ee 100644
--- a/rules/windows/sysmon/sysmon_notepad_network_connection.yml
+++ b/rules/windows/sysmon/sysmon_notepad_network_connection.yml
@@ -18,8 +18,8 @@ detection:
 EventID: 3
 Image: '*\notepad.exe'
 filter:
- DestinationPort: 9100
- condition: selection
+ DestinationPort: '9100'
+ condition: selection and not filter
 falsepositives:
 - None observed so far
 level: high
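Review bot: The `filter` block excludes on `DestinationPort` alone, so once the condition becomes `selection and not filter` every notepad.exe connection to port 9100 is suppressed regardless of destination host. Presumably this is meant to drop raw-printing traffic (9100 is commonly used for that); if so, say it in a comment above the filter, e.g. `# notepad.exe printing directly to a network printer on 9100/tcp`, and consider narrowing the exclusion with a `DestinationIp` list of known printer ranges so the rule keeps visibility on other destinations. The `falsepositives` entry still reads `None observed so far`, which no longer matches a rule that carries an exclusion. `DestinationPort` is now quoted while `EventID: 3` stays a bare integer; it is worth confirming that the target backends compare both forms the same way. The rule's header and the start of `selection` lie outside the hunk.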