diff --git a/anti-analysis/anti-av/patch-antimalware-scan-interface-function.yml b/anti-analysis/anti-av/patch-antimalware-scan-interface-function.yml
index 669a452be..14130f2db 100644
--- a/anti-analysis/anti-av/patch-antimalware-scan-interface-function.yml
+++ b/anti-analysis/anti-av/patch-antimalware-scan-interface-function.yml
@@ -15,16 +15,7 @@ rule:
 - edb92795c06a2bde47e652639327253a1148ee675ba2f0d1d9ac8690ef1820b1:0x14001126C
 features:
 - and:
- - match: link function at runtime on Windows
- - or:
- - api: kernel32.VirtualProtect
- - api: kernel32.VirtualProtectEx
- - api: ntdll.NtProtectVirtualMemory
- - api: ZwProtectVirtualMemory
- - string: "VirtualProtect"
- - string: "VirtualProtectEx"
- - string: "NtProtectVirtualMemory"
- - string: "ZwProtectVirtualMemory"
+ - match: change memory protection
 - or:
 - string: "AmsiScanBuffer"
 - string: "AmsiScanString"
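Review bot: The new `- match: change memory protection` line drops the explicit `link function at runtime on Windows` conjunct that the removed block required, so unless the referenced rule itself demands runtime resolution, the rule now also fires on samples that import the protection-change APIs statically, which widens it toward benign software that merely references the AMSI symbol names. The removed block also matched the bare `"VirtualProtect"`/`"NtProtectVirtualMemory"` strings; if the referenced rule matches only `api:` features, coverage of samples that resolve the call by string changes in the other direction. It is not visible here whether the example `edb92795c06a2bde47e652639327253a1148ee675ba2f0d1d9ac8690ef1820b1:0x14001126C` on the first hunk line still matches after this change, or whether it was re-run. Consider recording the intended scope next to the match, e.g. `# change memory protection covers VirtualProtect/NtProtectVirtualMemory via api and string features; runtime-linking no longer required`, so the broadening is deliberate rather than incidental. The `rule:` mapping starts above this hunk.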