diff --git a/rules/windows/sysmon/sysmon_susp_schtask_creation.yml b/rules/windows/sysmon/sysmon_susp_schtask_creation.yml
index b6bff9e29..5b255d1e4 100644
--- a/rules/windows/sysmon/sysmon_susp_schtask_creation.yml
+++ b/rules/windows/sysmon/sysmon_susp_schtask_creation.yml
@@ -1,6 +1,6 @@
 title: Scheduled Task Creation
 status: experimental
-description: "Detetcs a Powershell process that opens network connections - check for suspicious target ports and target systems - adjust to your environment (e.g. extend filters with company's ip range')"
+description: Detects the creation of scheduled tasks in user session
 author: Florian Roth
 logsource:
 product: windows
@@ -15,4 +15,5 @@ detection:
 condition: selection and not filter
 falsepositives:
 - Administrative activity
+ - Software installation
 level: low
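Review bot: The new description in the first hunk says "in user session" without stating what the rule excludes. The second hunk's context shows `condition: selection and not filter`, so the scoping presumably comes from the filter, whose body lies outside both hunks. An analyst who reads only the description cannot tell which scheduled-task creations are deliberately not reported, and that coverage gap is worth documenting on a persistence-related rule. Consider naming the exclusion, e.g. `description: Detects the creation of scheduled tasks in user session (creations matched by the filter, <excluded account placeholder>, are not reported)`.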