From f312455db5b8d82f1569a005cc98f5f2000daf22 Mon Sep 17 00:00:00 2001
From: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
Date: Tue, 8 Nov 2022 17:26:24 +0100
Subject: [PATCH] Update rules/windows/image_load/image_load_alternate_powershell_hosts_moduleload.yml
---
 .../image_load_alternate_powershell_hosts_moduleload.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/rules/windows/image_load/image_load_alternate_powershell_hosts_moduleload.yml b/rules/windows/image_load/image_load_alternate_powershell_hosts_moduleload.yml
index 9ec56128d..7d5f825ed 100644
--- a/rules/windows/image_load/image_load_alternate_powershell_hosts_moduleload.yml
+++ b/rules/windows/image_load/image_load_alternate_powershell_hosts_moduleload.yml
@@ -28,7 +28,6 @@ detection:
 - 'C:\Program Files\Citrix\ConfigSync\'
 filter_aurora:
 # This filter is to avoid a race condition FP with this specific ETW provider in aurora
- Provider_Name: Microsoft-Windows-Kernel-Process
 Image: null
 condition: selection and not 1 of filter_*
 falsepositives:
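Review bot: With `Provider_Name` removed, `filter_aurora` reduces to `Image: null`, so the exclusion is no longer scoped to one provider and presumably drops every event whose Image field is empty, whichever agent or log source produced it. The comment kept above it still says "this specific ETW provider", which no longer matches what the filter does. I would reword it to something like `# Excludes events with no Image value (race condition FP first seen with Aurora's Kernel-Process ETW provider); applies to all log sources`. It is also worth confirming that no other image_load source emits a null Image for loads this rule should catch, since those would now be filtered silently. The detection block begins outside the hunk, so the selection this filter is subtracted from is not visible here.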