diff --git a/pkg/containerwatcher/v2/container_watcher.go b/pkg/containerwatcher/v2/container_watcher.go
index 841786152..212e80e6a 100644
--- a/pkg/containerwatcher/v2/container_watcher.go
+++ b/pkg/containerwatcher/v2/container_watcher.go
@@ -32,7 +32,6 @@ import (
 	"github.com/kubescape/node-agent/pkg/rulebindingmanager"
 	"github.com/kubescape/node-agent/pkg/rulemanager"
 	"github.com/kubescape/node-agent/pkg/sbommanager"
-	"github.com/kubescape/node-agent/pkg/utils"
 	"github.com/kubescape/workerpool"
 	"github.com/panjf2000/ants/v2"
 )
@@ -159,9 +158,7 @@ func CreateContainerWatcher(
 	workerPool, err := ants.NewPoolWithFunc(cfg.WorkerPoolSize, func(i interface{}) {
 		enrichedEvent := i.(*events.EnrichedEvent)
 		eventHandlerFactory.ProcessEvent(enrichedEvent)
-		if enrichedEvent.Event.GetEventType() != utils.SyscallEventType {
-			enrichedEvent.Event.Release() // at this time we should not need the event anymore
-		}
+		enrichedEvent.Event.Release() // at this time we should not need the event anymore
 	})
 	if err != nil {
 		return nil, fmt.Errorf("creating worker pool: %w", err)
diff --git a/pkg/containerwatcher/v2/tracers/syscall.go b/pkg/containerwatcher/v2/tracers/syscall.go
index 0af439b9f..7df41fc2d 100644
--- a/pkg/containerwatcher/v2/tracers/syscall.go
+++ b/pkg/containerwatcher/v2/tracers/syscall.go
@@ -128,12 +128,14 @@ func (st *SyscallTracer) callback(event *utils.DatasourceEvent) {
 	syscallsBuffer := event.GetSyscalls()
 	for _, syscall := range decodeSyscalls(syscallsBuffer) {
 		st.eventCallback(&utils.DatasourceEvent{
-			Data:       event.Data, // WARNING we pass the original data here, not a DeepCopy
+			Data:       event.Datasource.DeepCopy(event.Data),
 			Datasource: event.Datasource,
 			EventType:  event.EventType,
 			Syscall:    syscall,
 		}, containerID, processID)
 	}
+	// Release the original deep-copied data since each sub-event now has its own copy
+	event.Release()
 }
 
 func decodeSyscalls(syscallsBuffer []byte) []string {