diff --git a/atomics/T1562.001/T1562.001.yaml b/atomics/T1562.001/T1562.001.yaml
index 871dbc10df..67977ca71f 100644
--- a/atomics/T1562.001/T1562.001.yaml
+++ b/atomics/T1562.001/T1562.001.yaml
@@ -1088,30 +1088,30 @@ atomic_tests:
 description: This test simulates the deletion of the ASR rules loaded by Microsoft Defender using the registry. Depending on the deployment, rules can be pushed either using GPO or InTune, This test simulates an InTune-based rules deployment.
 supported_platforms:
 - windows
- command: |-
- $registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager"
+ executor:
+ command: |-
+ $registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager"
- if (-not (Test-Path $registryPath)) {
- New-Item -Path $registryPath -Force
- Write-Host "Registry key created: $registryPath"
- }
+ if (-not (Test-Path $registryPath)) {
+ New-Item -Path $registryPath -Force
+ Write-Host "Registry key created: $registryPath"
+ }
- $registryValueName = "ASRRules"
+ $registryValueName = "ASRRules"
- if (Test-Path "$registryPath\$registryValueName") {
- Remove-ItemProperty -Path $registryPath -Name $registryValueName
- Write-Host "Registry value deleted: $registryValueName"
- } else {
- New-ItemProperty -Path $registryPath -Name $registryValueName -PropertyType String -Value "36190899-1602-49e8-8b27-eb1d0a1ce869=1" -Force
- Write-Host "Registry value created: $registryValueName"
- }
+ if (Test-Path "$registryPath\$registryValueName") {
+ Remove-ItemProperty -Path $registryPath -Name $registryValueName
+ Write-Host "Registry value deleted: $registryValueName"
+ } else {
+ New-ItemProperty -Path $registryPath -Name $registryValueName -PropertyType String -Value "36190899-1602-49e8-8b27-eb1d0a1ce869=1" -Force
+ Write-Host "Registry value created: $registryValueName"
+ }
- Remove-ItemProperty -Path $registryPath -Name $registryValueName
- Write-Host "Registry value deleted: $registryValueName"
- cleanup_command:
- name: powershell
- elevation_required: true
+ Remove-ItemProperty -Path $registryPath -Name $registryValueName
+ Write-Host "Registry value deleted: $registryValueName"
+ name: powershell
+ elevation_required: true
 - name: Delete Microsoft Defender ASR Rules - GPO
 description: This test simulates the deletion of the ASR rules loaded by Microsoft Defender using the registry. Depending on the deployment, rules can be pushed either using GPO or InTune, This test simulates a GPO-based rules deployment.
 supported_platforms:
@@ -1132,6 +1132,5 @@ atomic_tests:
 Remove-ItemProperty -Path $registryPath -Name $newValueName
 Write-Host "Registry value deleted: $newValueName"
- cleanup_command:
 name: powershell
 elevation_required: true
\ No newline at end of file
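Review bot: `if (Test-Path "$registryPath\$registryValueName")` in the re-nested command never takes its true branch, because Test-Path resolves registry keys only and returns $False for a registry value, so the else branch always runs: `New-ItemProperty ... -Force` overwrites whatever `ASRRules` value a real InTune deployment pushed, and the unconditional `Remove-ItemProperty` at the end then deletes it, leaving the host with its genuine ASR configuration gone and no copy to restore. Test for the value instead with `if (Get-ItemProperty -Path $registryPath -Name $registryValueName -ErrorAction SilentlyContinue) {`. The commit also drops the empty `cleanup_command:` (here and in the second hunk for the GPO test) rather than filling it in, so nothing re-creates the deleted value or removes a `Policy Manager` key the test itself created; capturing the pre-existing value before modification and restoring it in `cleanup_command` would make the test safe to run on a managed host. Blank lines separating the script's sections appear to have been lost in this rendering of the hunk.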