diff --git a/pkg/policyfilter/rthooks/rthooks.go b/pkg/policyfilter/rthooks/rthooks.go
index bdd5d573367..d207eacc482 100644
--- a/pkg/policyfilter/rthooks/rthooks.go
+++ b/pkg/policyfilter/rthooks/rthooks.go
@@ -5,6 +5,7 @@ package rthooks
 
 import (
 	"context"
+	"fmt"
 	"path/filepath"
 	"time"
 
@@ -92,15 +93,24 @@ func createContainerHook(_ context.Context, arg *rthooks.CreateContainerArg) err
 		return err
 	}
 
-	var containerFound bool
-	var container *corev1.ContainerStatus
 	namespace := pod.ObjectMeta.Namespace
-	pod, container, containerFound = arg.Watcher.FindContainer(containerID)
-	if !containerFound {
-		log.WithError(err).Warnf("failed to find container information %s, aborting hook.", containerID)
+
+	// we cannot use arg.Watcher.FindContainer() because it uses k8s API
+	// where the container is still not available
+	containerName := ""
+	// containerd
+	if val, ok := arg.Req.Annotations["io.kubernetes.cri.container-name"]; ok {
+		containerName = val
+	} else if val, ok := arg.Req.Annotations["io.kubernetes.container.name"]; ok {
+		// crio
+		containerName = val
 	}
 
-	containerName := container.Name
+	if containerName == "" {
+		err := fmt.Errorf("failed to find container information %s, aborting hook", containerID)
+		log.Warn(err)
+		return err
+	}
 
 	log.WithFields(logrus.Fields{
 		"pod-id":         podID,