diff --git a/comp/core/workloadfilter/baseimpl/filter_utils.go b/comp/core/workloadfilter/baseimpl/filter_utils.go
index 3f9ecb3379a7..2f0b1490041d 100644
--- a/comp/core/workloadfilter/baseimpl/filter_utils.go
+++ b/comp/core/workloadfilter/baseimpl/filter_utils.go
@@ -236,7 +236,7 @@ func (pf *filterSelection) computeKubeEndpointAutodiscoveryFilters(_ config.Comp
 // computeContainerComplianceFilters computes container compliance filters
 func (pf *filterSelection) computeContainerComplianceFilters(cfg config.Component) [][]workloadfilter.ContainerFilter {
 flist := []workloadfilter.ContainerFilter{workloadfilter.ContainerLegacyCompliance}
- if cfg.GetBool("compliance_config.exclude_pause_containers") {
+ if cfg.GetBool("compliance_config.exclude_pause_container") {
 flist = append(flist, workloadfilter.ContainerPaused)
 }
 return [][]workloadfilter.ContainerFilter{flist}
@@ -245,7 +245,7 @@ func (pf *filterSelection) computeContainerComplianceFilters(cfg config.Componen
 // computeContainerRuntimeSecurityFilters computes container runtime security filters
 func (pf *filterSelection) computeContainerRuntimeSecurityFilters(cfg config.Component) [][]workloadfilter.ContainerFilter {
 flist := []workloadfilter.ContainerFilter{workloadfilter.ContainerLegacyRuntimeSecurity}
- if cfg.GetBool("runtime_security_config.exclude_pause_containers") {
+ if cfg.GetBool("runtime_security_config.exclude_pause_container") {
 flist = append(flist, workloadfilter.ContainerPaused)
 }
 return [][]workloadfilter.ContainerFilter{flist}
diff --git a/comp/core/workloadfilter/impl/filter_test.go b/comp/core/workloadfilter/impl/filter_test.go
index 7a4f08d88aef..24b7240756d9 100644
--- a/comp/core/workloadfilter/impl/filter_test.go
+++ b/comp/core/workloadfilter/impl/filter_test.go
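Review bot: The corrected key in `computeContainerComplianceFilters` is still a bare string literal, and the same holds for `runtime_security_config.exclude_pause_container` in the next hunk. The misspelled keys being replaced appear to have been read without any error, so the pause-container exclusion for both security products did not follow the setting and nothing flagged it. I would hoist both keys into named constants shared with wherever the settings are declared (not visible in this diff), e.g. `const complianceExcludePauseKey = "compliance_config.exclude_pause_container"`, so a later rename cannot silently change which containers the compliance and runtime-security filters cover. A one-line comment on each `if`, such as `// Pause containers are filtered out only when the option is enabled.`, would also make the intent explicit.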
@@ -1345,6 +1345,7 @@ func TestContainerRuntimeSecurityAndComplianceFilters(t *testing.T) {
 // Setup Compliance Config
 mockConfig.SetWithoutSource("compliance_config.container_include", []string{"image:compliance-agent"})
 mockConfig.SetWithoutSource("compliance_config.container_exclude", []string{"image:malicious"})
+ mockConfig.SetWithoutSource("compliance_config.exclude_pause_container", false)
 // Setup Runtime Security Config
 mockSystemProbe.SetWithoutSource("runtime_security_config.container_include", []string{"image:security-agent"})
@@ -1357,12 +1358,14 @@ func TestContainerRuntimeSecurityAndComplianceFilters(t *testing.T) {
 includedContainer := workloadfilter.CreateContainerImage("compliance-agent")
 excludedContainer := workloadfilter.CreateContainerImage("malicious")
 unknownContainer := workloadfilter.CreateContainerImage("security-agent")
+ pauseContainer := workloadfilter.CreateContainerImage("kubernetes/pause")
 filterBundle := filterStore.GetContainerComplianceFilters()
 assert.Equal(t, workloadfilter.Included, filterBundle.GetResult(includedContainer))
 assert.Equal(t, workloadfilter.Excluded, filterBundle.GetResult(excludedContainer))
 assert.Equal(t, workloadfilter.Unknown, filterBundle.GetResult(unknownContainer))
+ assert.Equal(t, workloadfilter.Unknown, filterBundle.GetResult(pauseContainer))
 })
 // Test Runtime Security Filter
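Review bot: The compliance sub-test only pins the disabled state, so the new `Unknown` assertion for `pauseContainer` probably would have passed against the misspelled key as well. With `compliance_config.exclude_pause_container` set to `false`, a key that is never read and a key that is read as `false` both leave `ContainerPaused` out of the filter list, assuming an unknown key reads as `false`. I would add the enabled case, setting the key to `true` and asserting `workloadfilter.Excluded` for `kubernetes/pause`, so the test actually distinguishes the fixed lookup from the broken one. The enclosing `t.Run` starts outside this hunk.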
@@ -1370,12 +1373,14 @@ func TestContainerRuntimeSecurityAndComplianceFilters(t *testing.T) {
 includedContainer := workloadfilter.CreateContainerImage("security-agent")
 excludedContainer := workloadfilter.CreateContainerImage("suspicious")
 unknownContainer := workloadfilter.CreateContainerImage("malicious")
+ pauseContainer := workloadfilter.CreateContainerImage("kubernetes/pause")
 filterBundle := filterStore.GetContainerRuntimeSecurityFilters()
 assert.Equal(t, workloadfilter.Included, filterBundle.GetResult(includedContainer))
 assert.Equal(t, workloadfilter.Excluded, filterBundle.GetResult(excludedContainer))
 assert.Equal(t, workloadfilter.Unknown, filterBundle.GetResult(unknownContainer))
+ assert.Equal(t, workloadfilter.Excluded, filterBundle.GetResult(pauseContainer))
 })
 }
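Review bot: The new `Excluded` assertion for `pauseContainer` depends on a value of `runtime_security_config.exclude_pause_container` that no visible hunk sets, unlike the compliance key, which is set explicitly. Setting it in the test setup, e.g. `SetWithoutSource("runtime_security_config.exclude_pause_container", true)` on whichever mock backs the filter's `cfg`, would make the expectation self-contained. A `false` case asserting `Unknown` would cover the other direction. It is also worth confirming which config that is: the other `runtime_security_config.*` keys in this test are set on `mockSystemProbe`, while `computeContainerRuntimeSecurityFilters` reads the key from its `cfg config.Component` argument, and the diff does not show what is passed in. The enclosing `t.Run` starts outside this hunk.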