diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index 3c262ca5403..3ace36a91c8 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -101,7 +101,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
 - Prevent scenario of losing children-related file events in a directory for recursive fsnotify backend of auditbeat file integrity module {pull}39133[39133]
 - Allow extra syscalls by auditbeat required in FIM with kprobes back-end {pull}39361[39361]
 - Fix losing events in FIM for OS X by allowing always to walk an added directory to monitor {pull}39362[39362]
-
+- Fix seccomp policy of FIM kprobes backend on arm64 {pull}39759[39759]
diff --git a/auditbeat/module/file_integrity/kprobes/seccomp_linux.go b/auditbeat/module/file_integrity/kprobes/seccomp_linux_amd64.go
similarity index 54%
rename from auditbeat/module/file_integrity/kprobes/seccomp_linux.go
rename to auditbeat/module/file_integrity/kprobes/seccomp_linux_amd64.go
index 90336f66795..ee281831b25 100644
--- a/auditbeat/module/file_integrity/kprobes/seccomp_linux.go
+++ b/auditbeat/module/file_integrity/kprobes/seccomp_linux_amd64.go
@@ -18,27 +18,21 @@
 package kprobes
 
 import (
- "runtime"
-
 "github.com/elastic/beats/v7/libbeat/common/seccomp"
 )
 
 func init() {
- switch runtime.GOARCH {
- case "amd64", "386", "arm64":
- // The module/file_integrity with kprobes BE uses additional syscalls
- if err := seccomp.ModifyDefaultPolicy(seccomp.AddSyscall,
- "eventfd2", // required by auditbeat/tracing
- "mount", // required by auditbeat/tracing
- "perf_event_open", // required by auditbeat/tracing
- "ppoll", // required by auditbeat/tracing
- "umount2", // required by auditbeat/tracing
- "truncate", // required during kprobes verification
- "utime", // required during kprobes verification
- "utimensat", // required during kprobes verification
- "setxattr", // required during kprobes verification
- ); err != nil {
- panic(err)
- }
+ if err := seccomp.ModifyDefaultPolicy(seccomp.AddSyscall,
+ "eventfd2", // required by auditbeat/tracing
+ "mount", // required by auditbeat/tracing
+ "perf_event_open", // required by auditbeat/tracing
+ "ppoll", // required by auditbeat/tracing
+ "umount2", // required by auditbeat/tracing
+ "truncate", // required during kprobes verification
+ "utime", // required during kprobes verification
+ "utimensat", // required during kprobes verification
+ "setxattr", // required during kprobes verification
+ ); err != nil {
+ panic(err)
 }
 }
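Review bot: The `_amd64` filename suffix now limits this init() to linux/amd64, while the removed switch also covered `386` and `arm64`. arm64 is presumably handled by a sibling file elsewhere in the commit, but nothing visible here re-adds 386, so a 386 build would no longer get these syscalls added to the default policy. If 386 is intentionally unsupported for the kprobes backend, a comment should say so; otherwise it needs its own `seccomp_linux_386.go`. The explanatory comment was also dropped along with the switch, and I would restore it above the call, e.g. `// The file_integrity kprobes backend needs these syscalls on top of the default policy (linux/amd64 list).` Because init() widens the process-wide default policy with `mount`, `perf_event_open` and `setxattr` as soon as the package is linked in, it is worth confirming that this is intended even when the kprobes backend is not selected.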