diff --git a/rules/windows/process_creation/proc_creation_win_hktl_winpwn.yml b/rules/windows/process_creation/proc_creation_win_hktl_winpwn.yml
index 291db6e76b8..b71d35ca7dd 100644
--- a/rules/windows/process_creation/proc_creation_win_hktl_winpwn.yml
+++ b/rules/windows/process_creation/proc_creation_win_hktl_winpwn.yml
@@ -38,7 +38,7 @@ detection:
             - 'WinPwn '
             - 'WinPwn.exe'
             - 'WinPwn.ps1'
-    condition: all of selection_*
+    condition: selection
 falsepositives:
     - Unknown
 level: high