diff --git a/rules/windows/process_creation/win_susp_gup.yml b/rules/windows/process_creation/win_susp_gup.yml
index d003ff50781..99920288df2 100644
--- a/rules/windows/process_creation/win_susp_gup.yml
+++ b/rules/windows/process_creation/win_susp_gup.yml
@@ -14,7 +14,7 @@ logsource:
 detection:
 selection:
 Image: '*\GUP.exe'
- condition: selection and not filter
+ condition: selection
 falsepositives:
 - Execution of tools named GUP.exe and located in folders different than Notepad++\updater
 level: high
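Review bot: With the condition reduced to `selection`, every process whose image ends in `\GUP.exe` now fires at `level: high`, including the legitimate updater under `Notepad++\updater`, which the `falsepositives` text still treats as the excluded case. The hunk context shows no `filter` block under `detection`, so the old condition presumably referenced an undefined name; defining that block and keeping `condition: selection and not filter` would preserve the exclusion instead of dropping it. A `filter:` entry such as `Image: '<install-dir placeholder>\Notepad++\updater\GUP.exe'` would do, anchored to the real install directories rather than a leading `*`, because a wildcard-only path would also exempt a copy placed in any folder with that name. The rule's title and description sit above the hunk, so confirm they still match whichever behaviour is kept.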