diff --git a/rules/windows/sysmon/sysmon_cmstp_com_object_access.yml b/rules/windows/sysmon/sysmon_cmstp_com_object_access.yml
index c53010ebb..f535868aa 100644
--- a/rules/windows/sysmon/sysmon_cmstp_com_object_access.yml
+++ b/rules/windows/sysmon/sysmon_cmstp_com_object_access.yml
@@ -19,15 +19,12 @@ detection:
 # CMSTP Spawning Child Process
 selection1:
 EventID: 1
- ParentCommandLine:
- - '*\DllHost.exe'
- - '*\{3E5FC7F9-9A51-4367-9063-A120244FBEC7}' #CMSTPLUA
+ ParentCommandLine: '*\DllHost.exe'
 selection2:
- EventID: 1
 ParentCommandLine:
- - '*\DllHost.exe'
+ - '*\{3E5FC7F9-9A51-4367-9063-A120244FBEC7}' #CMSTPLUA
 - '*\{3E000D72-A845-4CD9-BD83-80C07C3B881F}' #CMLUAUTIL, see https://twitter.com/hFireF0X/status/897640081053364225
- condition: 1 of them
+ condition: selection1 and selection2
 fields:
 - CommandLine
 - ParentCommandLine
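Review bot: `condition: selection1 and selection2` cannot be satisfied as written, because both selections test the same `ParentCommandLine` field with patterns anchored to the end of the string, and no value can end in `\DllHost.exe` and in `\{3E5FC7F9-…}` at once. The rule would therefore never fire, which turns a noisy detection into a silent gap. DllHost surrogates are normally started as `DllHost.exe /Processid:{CLSID}`, so the brace follows a colon rather than a backslash and the selection2 patterns would likely miss on their own as well. Matching the binary on the image field and the CLSID as a bare suffix addresses both: `ParentImage: '*\DllHost.exe'` in selection1, and `- '*{3E5FC7F9-9A51-4367-9063-A120244FBEC7}'` and `- '*{3E000D72-A845-4CD9-BD83-80C07C3B881F}'` in selection2. The `detection:` mapping starts above this hunk, so confirm no other selection there is affected by the switch away from `1 of them`.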