From 8963c0a65e19f7202fe5daf467d1d4d33abd3d0a Mon Sep 17 00:00:00 2001
From: ZikyHD <ZikyHD@users.noreply.github.com>
Date: Wed, 20 May 2020 11:54:47 +0200
Subject: [PATCH] Remove duplicate 'CommandLine' in fields

---
 rules/windows/process_creation/win_task_folder_evasion.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/rules/windows/process_creation/win_task_folder_evasion.yml b/rules/windows/process_creation/win_task_folder_evasion.yml
index 253824e2f..dfe043a89 100644
--- a/rules/windows/process_creation/win_task_folder_evasion.yml
+++ b/rules/windows/process_creation/win_task_folder_evasion.yml
@@ -30,7 +30,6 @@ detection:
 fields:
     - CommandLine
     - ParentProcess
-    - CommandLine
 falsepositives:
     - Unknown
 level: high