diff --git a/pkg/ebpf/processor.go b/pkg/ebpf/processor.go
index 788048888997..5c36300509b4 100644
--- a/pkg/ebpf/processor.go
+++ b/pkg/ebpf/processor.go
@@ -78,20 +78,6 @@ func (t *Tracee) RegisterEventProcessor(id events.ID, proc func(evt *trace.Event
 
 // registerEventProcessors registers all event processors, each to a specific event id.
 func (t *Tracee) registerEventProcessors() {
- //
- // Event Timestamps Normalization
- //
-
- // Convert all time relate args to nanoseconds since epoch.
- // NOTE: Make sure to convert time related args (of your event) in here, so that
- // any later code has access to normalized time arguments.
- t.RegisterEventProcessor(events.SchedProcessFork, t.normalizeTimeArg(
- "start_time",
- "parent_start_time",
- "parent_process_start_time",
- "leader_start_time",
- ))
-
 //
 // Process Tree Processors
 //
@@ -99,6 +85,18 @@ func (t *Tracee) registerEventProcessors() {
 // Processors registered when proctree source "events" is enabled.
 switch t.config.ProcTree.Source {
 case proctree.SourceEvents, proctree.SourceBoth:
+ // Event Timestamps Normalization
+ //
+ // Convert all time relate args to nanoseconds since epoch.
+ // NOTE: Make sure to convert time related args (of your event) in here, so that
+ // any later code has access to normalized time arguments.
+ t.RegisterEventProcessor(events.SchedProcessFork, t.normalizeTimeArg(
+ "start_time",
+ "parent_start_time",
+ "parent_process_start_time",
+ "leader_start_time",
+ ))
+
 t.RegisterEventProcessor(events.SchedProcessFork, t.procTreeForkProcessor)
 t.RegisterEventProcessor(events.SchedProcessExec, t.procTreeExecProcessor)
 t.RegisterEventProcessor(events.SchedProcessExit, t.procTreeExitProcessor)
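Review bot: In the second hunk the `normalizeTimeArg` registration for `events.SchedProcessFork` now sits under `case proctree.SourceEvents, proctree.SourceBoth:`, so with any other `ProcTree.Source` value the fork event's `start_time`, `parent_start_time`, `parent_process_start_time` and `leader_start_time` are presumably no longer converted to nanoseconds since epoch, unless that happens elsewhere (not visible in this hunk). Downstream consumers such as detection rules and forensic timelines that correlate on these args would then see different time bases depending on configuration, which should be either avoided or stated. The moved NOTE still tells contributors to convert time args "in here, so that any later code has access to normalized time arguments", which no longer holds once the block is conditional. If the narrowing is intended, I would reword it to something like `// Only the process-tree processors below need these args normalized; with other ProcTree.Source values they are left as emitted.` and also note that this registration must stay ahead of `t.procTreeForkProcessor` if processors run in registration order. The body of `registerEventProcessors` continues outside the hunk.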