diff --git a/rules/windows/process_access/sysmon_in_memory_assembly_execution.yml b/rules/windows/process_access/sysmon_in_memory_assembly_execution.yml
index 7234add4d..0d45f61ba 100755
--- a/rules/windows/process_access/sysmon_in_memory_assembly_execution.yml
+++ b/rules/windows/process_access/sysmon_in_memory_assembly_execution.yml
@@ -54,6 +54,6 @@ fields:
 - SourceImage
 - TargetImage
 - CallTrace
-level: high
+level: medium # too many false positives
 falsepositives:
 - SysInternals Process Explorer
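Review bot: The new `level: medium` line gives its reason only as `# too many false positives`, without naming the sources, and the visible `falsepositives` entries still list only SysInternals Process Explorer (the list may continue past the hunk). Please add the noisy sources you observed to `falsepositives:` and make the comment specific, e.g. `level: medium # lowered from high: noisy on <observed source images>`. If those sources can be identified by `SourceImage` or `TargetImage`, excluding them in the detection section would cut the noise without lowering the severity of every other match. The detection section is outside this hunk, so I cannot tell whether such a filter already exists. Deployments that alert only on `high` and above will stop surfacing this rule after the change, which is worth stating in the commit message.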