diff --git a/rules/windows/create_remote_thread/create_remote_thread_win_uncommon_source_image.yml b/rules/windows/create_remote_thread/create_remote_thread_win_uncommon_source_image.yml
index 7325b9f8640..1c1e363f946 100644
--- a/rules/windows/create_remote_thread/create_remote_thread_win_uncommon_source_image.yml
+++ b/rules/windows/create_remote_thread/create_remote_thread_win_uncommon_source_image.yml
@@ -98,14 +98,14 @@ detection:
 - ':\Program Files (x86)\'
 - ':\Program Files\'
 filter_optional_smartconsole1:
- SourceImage|contains: '':\Program Files\internet explorer\iexplore.exe'
+ SourceImage|contains: ':\Program Files\internet explorer\iexplore.exe'
 SourceCommandLine|contains|all:
 - 'https://'
 - '.checkpoint.com/documents/'
 - 'SmartConsole_OLH/'
 - 'default.htm#cshid='
 filter_optional_smartconsole2:
- SourceImage|contains: '':\Program Files\internet explorer\iexplore.exe'
+ SourceImage|contains: ':\Program Files\internet explorer\iexplore.exe'
 SourceParentImage|contains|all:
 - ':\Program Files' # x86 and not
 - '\CheckPoint\SmartConsole\'
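Review bot: Both corrected `SourceImage|contains` values (in filter_optional_smartconsole1 and filter_optional_smartconsole2) still match the iexplore.exe path as a substring, so the exclusion also applies to any source image whose path merely contains that string. `SourceImage|endswith: ':\Program Files\internet explorer\iexplore.exe'` would keep the match independent of drive letter while anchoring it to the actual binary name. In smartconsole1 the remaining conditions are substrings of the source process's command line, which is set by whatever launches the process, so that filter is only as strong as its image condition; a short comment such as `# command-line values are caller-supplied; the image match is the real guard` would make that explicit for later maintainers. The detection section starts before this hunk and the smartconsole2 list may continue past it, so this note is based on the visible lines only.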