From eb690d8902cd89698eccec930b7febaaac9efb01 Mon Sep 17 00:00:00 2001
From: Karneades
Date: Thu, 4 Apr 2019 22:16:24 +0200
Subject: [PATCH] Remove too loose filter in mshta rule

---
 rules/windows/process_creation/win_mshta_spawn_shell.yml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/rules/windows/process_creation/win_mshta_spawn_shell.yml b/rules/windows/process_creation/win_mshta_spawn_shell.yml
index d437e26d8..e4bed4a29 100644
--- a/rules/windows/process_creation/win_mshta_spawn_shell.yml
+++ b/rules/windows/process_creation/win_mshta_spawn_shell.yml
@@ -20,10 +20,6 @@ detection:
 - '*\reg.exe'
 - '*\regsvr32.exe'
 - '*\BITSADMIN*'
- filter:
- CommandLine:
- - '*/HP/HP*'
- - '*\HP\HP*'
 condition: selection and not filter
 fields:
 - CommandLine
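Review bot: The unchanged context line `condition: selection and not filter` still references `filter`, which this hunk deletes from the `detection` block, so the condition now names a search identifier that is no longer defined. Sigma converters generally reject a condition that refers to an undefined identifier, so the likely result is a rule that fails to convert and silently stops detecting mshta-spawned shells, rather than the broader match the commit intends. The condition should be reduced in the same change to `condition: selection`. The `detection` block starts above the hunk, so this assumes no other definition of `filter` exists outside the visible lines.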