diff --git a/bpf/process/bpf_enforcer.h b/bpf/process/bpf_enforcer.h
index 56a5fc2deb0..b9d0fe38077 100644
--- a/bpf/process/bpf_enforcer.h
+++ b/bpf/process/bpf_enforcer.h
@@ -14,7 +14,7 @@ struct enforcer_data {
 struct {
 __uint(type, BPF_MAP_TYPE_HASH);
- __uint(max_entries, 32768);
+ __uint(max_entries, 1);
 __type(key, __u64);
 __type(value, struct enforcer_data);
 } enforcer_data SEC(".maps");
diff --git a/pkg/sensors/tracing/enforcer.go b/pkg/sensors/tracing/enforcer.go
index 59660e2c1c1..1266376dc98 100644
--- a/pkg/sensors/tracing/enforcer.go
+++ b/pkg/sensors/tracing/enforcer.go
@@ -316,6 +316,8 @@ func (kp *enforcerPolicy) createEnforcerSensor(
 }
 enforcerDataMap := enforcerMap(policyName, progs...)
+ enforcerDataMap.SetMaxEntries(enforcerMapMaxEntries)
+
 maps = append(maps, enforcerDataMap)
 if ok := kp.enforcerAdd(name, kh); !ok {
diff --git a/pkg/sensors/tracing/generickprobe.go b/pkg/sensors/tracing/generickprobe.go
index 108df6e2411..5c71b8d143c 100644
--- a/pkg/sensors/tracing/generickprobe.go
+++ b/pkg/sensors/tracing/generickprobe.go
@@ -63,6 +63,7 @@ const (
 stackTraceMapMaxEntries = 32768
 ratelimitMapMaxEntries = 32768
 fdInstallMapMaxEntries = 32000
+ enforcerMapMaxEntries = 32768
 )
 func kprobeCharBufErrorToString(e int32) string {
@@ -364,6 +365,9 @@ func createMultiKprobeSensor(sensorPath, policyName string, multiIDs []idtable.E
 }
 enforcerDataMap := enforcerMap(policyName, load)
+ if has.enforcer {
+ enforcerDataMap.SetMaxEntries(enforcerMapMaxEntries)
+ }
 maps = append(maps, enforcerDataMap)
 filterMap.SetMaxEntries(len(multiIDs))
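Review bot: Dropping max_entries to 1 in the object makes every loader responsible for resizing the map before load, but nothing in bpf_enforcer.h says so; a reader of the header will take 1 as the real capacity. A hash map left at that size holds one key and every later update fails, so a sensor path that loads this object without the SetMaxEntries call added in the Go hunks (createEnforcerSensor, createMultiKprobeSensor, createKprobeSensorFromEntry, createGenericTracepointSensor) would silently keep enforcement state for a single process only; how the BPF program treats a failed map update is not visible in this diff. I would add `/* placeholder size: the loader resizes this map (enforcerMapMaxEntries in pkg/sensors/tracing) when the policy declares enforcers */` above the `__uint(max_entries, 1);` line so the two sides stay linked.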
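Review bot: The resize in createEnforcerSensor is unconditional while the three other call sites in this commit (createMultiKprobeSensor, createKprobeSensorFromEntry, createGenericTracepointSensor) guard it with has.enforcer; that is presumably correct because this sensor only exists for a policy with enforcers, but nothing on the line says why the guard is absent here. A why-comment above the call would spare the next reader the search: `// the BPF object declares a 1-entry placeholder; the enforcer sensor always needs the full map`. The same comment belongs at the three guarded sites, worded as the map being sized up only when the policy declares enforcers. The enclosing function continues outside the hunk.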
@@ -555,13 +559,17 @@ type hasMaps struct {
 stackTrace bool
 rateLimit bool
 fdInstall bool
+ enforcer bool
 }
 func hasMapsSetup(spec *v1alpha1.TracingPolicySpec) hasMaps {
 has := hasMaps{}
 for _, kprobe := range spec.KProbes {
- if selectorsHaveFDInstall(kprobe.Selectors) {
- has.fdInstall = true
+ has.fdInstall = has.fdInstall || selectorsHaveFDInstall(kprobe.Selectors)
+ has.enforcer = has.enforcer || len(spec.Enforcers) != 0
+ // check for early break
+ if has.fdInstall && has.enforcer {
 break
 }
 }
@@ -953,6 +961,9 @@ func createKprobeSensorFromEntry(kprobeEntry *genericKprobe, sensorPath string,
 }
 enforcerDataMap := enforcerMap(kprobeEntry.policyName, load)
+ if has.enforcer {
+ enforcerDataMap.SetMaxEntries(enforcerMapMaxEntries)
+ }
 maps = append(maps, enforcerDataMap)
 if kprobeEntry.loadArgs.retprobe {
diff --git a/pkg/sensors/tracing/generictracepoint.go b/pkg/sensors/tracing/generictracepoint.go
index 1dc304b594a..6ce75bd2cbd 100644
--- a/pkg/sensors/tracing/generictracepoint.go
+++ b/pkg/sensors/tracing/generictracepoint.go
@@ -387,7 +387,9 @@ func createGenericTracepointSensor(
 progName = "bpf_generic_tracepoint_v53.o"
 }
- has := hasMaps{}
+ has := hasMaps{
+ enforcer: len(spec.Enforcers) != 0,
+ }
 maps := []*program.Map{}
 progs := make([]*program.Program, 0, len(tracepoints))
@@ -495,6 +497,9 @@ func createGenericTracepointSensor(
 maps = append(maps, matchBinariesPaths)
 enforcerDataMap := enforcerMap(policyName, prog0)
+ if has.enforcer {
+ enforcerDataMap.SetMaxEntries(enforcerMapMaxEntries)
+ }
 maps = append(maps, enforcerDataMap)
 selMatchBinariesMap := program.MapBuilderPin("tg_mb_sel_opts", sensors.PathJoin(pinPath, "tg_mb_sel_opts"), prog0)
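Review bot: has.enforcer is derived from spec.Enforcers, which does not depend on the loop variable, yet it is only assigned inside the range over spec.KProbes; if a spec with enforcers and no kprobes ever reaches hasMapsSetup the flag stays false, and the tracepoint path in this same commit already has to compute the same value by hand outside this helper. The new break condition also requires both flags, so a policy without enforcers now scans every kprobe's selectors even after fdInstall is found, where the old code stopped at the first hit. Hoist the flag and restore the single-flag break: `has := hasMaps{enforcer: len(spec.Enforcers) != 0}`, drop the in-loop `has.enforcer = has.enforcer || len(spec.Enforcers) != 0` line, and end the loop body with `if has.fdInstall { break }`. hasMapsSetup's return lies past the end of the hunk.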