diff --git a/rules/windows/process_creation/proc_creation_win_googleupdate_susp_child_process.yml b/rules/windows/process_creation/proc_creation_win_googleupdate_susp_child_process.yml
index 120c082ee..80381eb52 100644
--- a/rules/windows/process_creation/proc_creation_win_googleupdate_susp_child_process.yml
+++ b/rules/windows/process_creation/proc_creation_win_googleupdate_susp_child_process.yml
@@ -8,6 +8,7 @@ references:
 - https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/goofy-guineapig/NCSC-MAR-Goofy-Guineapig.pdf
 author: Nasreddine Bencherchali (Nextron Systems)
 date: 2023/05/15
+modified: 2023/05/22
 tags:
 - attack.defense_evasion
 logsource:
@@ -23,6 +24,8 @@ detection:
 - '\setup.exe'
 - 'chrome_updater.exe'
 - 'chrome_installer.exe'
+ filter_main_image_null:
+ Image: null
 condition: selection and not 1 of filter_main_*
 falsepositives:
 - Unknown
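Review bot: The new `filter_main_image_null` entry in the second hunk carries no explanation of why events lacking an `Image` field are dropped, so a later maintainer cannot tell whether this is a false-positive fix or a workaround for a telemetry source that omits the field. In Sigma, `Image: null` matches events where the field is absent, and because the condition is `selection and not 1 of filter_main_*`, the rule is now blind to any log source that never populates `Image`; that trade-off should be recorded either as a YAML comment above `filter_main_image_null:` such as `# Exclude events with no Image field; the endswith filters above cannot exclude them and they would otherwise always match` or as an entry under `falsepositives`, which currently says only `Unknown`. The `selection` block this filter applies to begins above the hunk and is not visible here, so the exact interaction with its fields is inferred.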