diff --git a/pkg/ebpf/c/tracee.bpf.c b/pkg/ebpf/c/tracee.bpf.c
index 9322e56a3fff..e40a18d722cb 100644
--- a/pkg/ebpf/c/tracee.bpf.c
+++ b/pkg/ebpf/c/tracee.bpf.c
@@ -5126,11 +5126,9 @@ statfunc enum vma_type get_vma_type(struct vm_area_struct *vma)
 SEC("raw_tracepoint/check_syscall_source")
 int check_syscall_source(struct bpf_raw_tracepoint_args *ctx)
 {
-    program_data_t p = {};
-    if (!init_program_data(&p, ctx))
-        return 0;
-
-    // Get syscall ID
+    // Get syscall ID.
+    // NOTE: this must happen first before any logic that may fail,
+    // because we must know the syscall ID for the tail call we preceded.
     struct task_struct *task = (struct task_struct *) bpf_get_current_task();
     u32 id = ctx->args[1];
     if (is_compat(task)) {
@@ -5141,10 +5139,11 @@ int check_syscall_source(struct bpf_raw_tracepoint_args *ctx)
         id = *id_64;
     }
 
-    if (!should_trace(&p))
+    program_data_t p = {};
+    if (!init_program_data(&p, ctx, CHECK_SYSCALL_SOURCE))
         goto out;
 
-    if (!should_submit(CHECK_SYSCALL_SOURCE, p.event))
+    if (!evaluate_scope_filters(&p))
         goto out;
 
     // Get instruction pointer
@@ -5188,7 +5187,7 @@ int check_syscall_source(struct bpf_raw_tracepoint_args *ctx)
     save_to_submit_buf(&p.event->args_buf, &is_heap, sizeof(is_heap), 3);
     save_to_submit_buf(&p.event->args_buf, &is_anon, sizeof(is_anon), 4);
 
-    events_perf_submit(&p, CHECK_SYSCALL_SOURCE, 0);
+    events_perf_submit(&p, 0);
 
 out:
     // Call sys_enter_init_tail which we preceded
diff --git a/pkg/ebpf/event_filters.go b/pkg/ebpf/event_filters.go
index 6d373cb4aa48..5cbf6e2d99a8 100644
--- a/pkg/ebpf/event_filters.go
+++ b/pkg/ebpf/event_filters.go
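Review bot: The new NOTE above the syscall-ID read says that the read must come first but not what depends on it, and "first before" is redundant. I would word it as `// Read the syscall ID before anything that can bail out: every exit path, including the out: label, tail-calls sys_enter_init_tail and needs this id.` The tail-call argument is inferred from the comment on `out:` in the third hunk rather than from code visible here, so confirm it before committing to that wording. check_syscall_source continues past this hunk.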
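Review bot: A failed `init_program_data` now jumps to `out` instead of returning 0, so the tail call to sys_enter_init_tail is no longer skipped when per-event setup fails, but the compat branch that fills `id` from `*id_64` lies between this hunk and the previous one and is not shown; if that map lookup still bails with `return 0` on a missing entry, the same dropped tail call survives on the compat path. Worth confirming that every early exit after the ID read is a `goto out`, and recording the invariant above the declaration: `// every early exit below must goto out: the tail call there must run even when we cannot trace`. The function starts in the first hunk and ends outside this one.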
@@ -13,7 +13,7 @@ import (
 	"github.com/aquasecurity/tracee/pkg/logger"
 )
 
-type eventFilterHandler func(eventFilters map[string]filters.Filter, bpfModule *bpf.Module) error
+type eventFilterHandler func(eventFilters map[string]filters.Filter[*filters.StringFilter], bpfModule *bpf.Module) error
 
 var eventFilterHandlers = map[events.ID]eventFilterHandler{
 	events.CheckSyscallSource: populateMapsCheckSyscallSource,
@@ -24,8 +24,9 @@ func (t *Tracee) populateEventFilterMaps() error {
 	// Iterate through registerd event filter handlers
 	for eventID, handler := range eventFilterHandlers {
 		// Construct filters for this event
-		eventFilters := map[string]filters.Filter{}
-		for _, p := range t.config.Policies.Map() {
+		eventFilters := map[string]filters.Filter[*filters.StringFilter]{}
+		for it := t.config.Policies.CreateAllIterator(); it.HasNext(); {
+			p := it.Next()
 			f := p.ArgFilter.GetEventFilters(eventID)
 			if len(f) == 0 {
 				continue
@@ -46,7 +47,7 @@ func (t *Tracee) populateEventFilterMaps() error {
 	return nil
 }
 
-func populateMapsCheckSyscallSource(eventFilters map[string]filters.Filter, bpfModule *bpf.Module) error {
+func populateMapsCheckSyscallSource(eventFilters map[string]filters.Filter[*filters.StringFilter], bpfModule *bpf.Module) error {
 	// Get syscalls to trace
 	syscallsFilter, ok := eventFilters["syscall"].(*filters.StringFilter)
 	if !ok {
diff --git a/pkg/ebpf/tracee.go b/pkg/ebpf/tracee.go
index 6387811721d0..ccbfed819bbe 100644
--- a/pkg/ebpf/tracee.go
+++ b/pkg/ebpf/tracee.go
@@ -1518,6 +1518,7 @@ func (t *Tracee) invokeInitEvents(out chan *trace.Event) {
 	systemInfoEvent := events.InitNamespacesEvent()
 	setMatchedPolicies(&systemInfoEvent, matchedPolicies, t.config.Policies)
 	out <- &systemInfoEvent
+	_ = t.stats.EventCount.Increment()
 }
 
 // Initial existing containers events (1 event per container)
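Review bot: `_ = t.stats.EventCount.Increment()` discards a return value without saying why, and what Increment returns (the new count, or an error) is not visible here. A blank assignment in a function that otherwise handles its results deserves a one-line justification, e.g. `_ = t.stats.EventCount.Increment() // new count not needed; init events count like runtime events`. If the discarded value is an error, dropping it silently would also hide a stats inconsistency, so check the signature before settling on the comment. invokeInitEvents starts and ends outside this hunk.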
@@ -1529,6 +1530,7 @@ func (t *Tracee) invokeInitEvents(out chan *trace.Event) {
 		event := &(existingContainerEvents[i])
 		setMatchedPolicies(event, matchedPolicies, t.config.Policies)
 		out <- event
+		_ = t.stats.EventCount.Increment()
 	}
 }
 
diff --git a/signatures/helpers/arguments_helpers.go b/signatures/helpers/arguments_helpers.go
index 2b5e17e89953..c975078a7e3f 100644
--- a/signatures/helpers/arguments_helpers.go
+++ b/signatures/helpers/arguments_helpers.go
@@ -72,20 +72,6 @@ func GetTraceeIntArgumentByName(event trace.Event, argName string) (int, error)
 	return 0, fmt.Errorf("can't convert argument %v to int", argName)
 }
 
-// GetTraceeBoolArgumentByName gets the argument from `event` matching the `argName`, casted as bool.
-func GetTraceeBoolArgumentByName(event trace.Event, argName string) (bool, error) {
-	arg, err := GetTraceeArgumentByName(event, argName, GetArgOps{DefaultArgs: false})
-	if err != nil {
-		return false, err
-	}
-	argBool, ok := arg.Value.(bool)
-	if ok {
-		return argBool, nil
-	}
-
-	return false, fmt.Errorf("can't convert argument %v to bool", argName)
-}
-
 // GetTraceeSliceStringArgumentByName gets the argument matching the "argName" given from the event "argv" field, casted as []string.
 func GetTraceeSliceStringArgumentByName(event trace.Event, argName string) ([]string, error) {
 	arg, err := GetTraceeArgumentByName(event, argName, GetArgOps{DefaultArgs: false})
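Review bot: The send-then-count pair `out <- event` / `_ = t.stats.EventCount.Increment()` now appears twice in invokeInitEvents (here and for the namespaces event in the previous hunk), so a third synthetic init event added later can easily miss the counter and skew EventCount. A small method such as `func (t *Tracee) emitInitEvent(out chan *trace.Event, ev *trace.Event)` whose body is `out <- ev` followed by `_ = t.stats.EventCount.Increment()` keeps the send and the count together at one site. The enclosing function begins outside this hunk.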