Rule: Suspicious task creation description changed

Florian Roth
2017-03-21 10:23:53 +01:00
parent 6932fcec65
commit f9be5b99ad
@@ -1,6 +1,6 @@
title: Scheduled Task Creation
status: experimental
description: "Detetcs a Powershell process that opens network connections - check for suspicious target ports and target systems - adjust to your environment (e.g. extend filters with company's ip range')"
description: Detects the creation of scheduled tasks in user session
author: Florian Roth
logsource:
product: windows
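Review bot: The scope "in user session" in the new description line is not explained by anything visible in this hunk, and the title still reads only "Scheduled Task Creation" while the commit message calls the rule "Suspicious task creation". Suggest stating in the description which part of the rule's `selection and not filter` condition enforces the user-session scope, so an analyst reading an alert knows what was excluded. The wording would also read better as "in a user session".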
@@ -15,4 +15,5 @@ detection:
condition: selection and not filter
falsepositives:
- Administrative activity
- Software installation
level: low
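Review bot: The `falsepositives` list in this hunk names only broad categories ("Administrative activity", "Software installation"), which together with `level: low` gives an analyst no way to tell a benign hit from one worth escalating. Suggest adding a short hint on what to check in a match, or noting that known installers and admin tooling in the environment should be added to `filter`, since the condition is `selection and not filter`.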