diff --git a/bpf/process/bpf_execve_event.c b/bpf/process/bpf_execve_event.c
index 6495978f0d9..8583cfbf4b5 100644
--- a/bpf/process/bpf_execve_event.c
+++ b/bpf/process/bpf_execve_event.c
@@ -201,14 +201,6 @@ event_execve(struct sched_execve_args *ctx)
 p->auid = get_auid();
 p->uid = get_current_uid_gid();
 
- // Reading the absolute path of the process exe for matchBinaries.
- // Historically we used the filename, a potentially relative path (maybe to
- // a symlink) coming from the execve tracepoint. For kernels not supporting
- // large BPF prog, we still use the filename.
-#ifdef __LARGE_BPF_PROG
- read_exe(task, &event->exe);
-#endif
-
 p->size += read_path(ctx, event, filename);
 p->size += read_args(ctx, event);
 p->size += read_cwd(ctx, p);
@@ -253,6 +245,14 @@ execve_send(struct sched_execve_args *ctx)
 if (!event)
 return 0;
 
+#ifdef __LARGE_BPF_PROG
+ // Reading the absolute path of the process exe for matchBinaries.
+ // Historically we used the filename, a potentially relative path (maybe to
+ // a symlink) coming from the execve tracepoint. For kernels not supporting
+ // large BPF prog, we still use the filename.
+ read_exe((struct task_struct *)get_current_task(), &event->exe);
+#endif
+
 p = &event->process;
 pid = (get_current_pid_tgid() >> 32);
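Review bot: The `read_exe(...)` call added at the top of `execve_send` is a bare statement, so nothing in this hunk records whether `event->exe` was actually filled for the current exec before matchBinaries relies on it. If `event` is a reused buffer (its lookup is outside the hunk, so this is an assumption to confirm), a failed read could leave the previous exec's path in place and a binary filter would then compare against the wrong executable; clearing the exe slot before the call, or checking the result, would rule that out. The moved comment could also state the fallback as a limitation rather than history, e.g. `// Without __LARGE_BPF_PROG, matchBinaries sees the execve filename (possibly relative or a symlink), not the resolved exe path.` The body of `execve_send` starts and ends outside the hunk.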