diff --git a/charts/shield/Chart.yaml b/charts/shield/Chart.yaml
index 49221b8d9..b5609f866 100644
--- a/charts/shield/Chart.yaml
+++ b/charts/shield/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
 - name: mavimo
 email: marcovito.moscaritolo@sysdig.com
 type: application
-version: 1.37.1
+version: 1.37.2
 appVersion: "1.0.0"
diff --git a/charts/shield/templates/host/openshift-securitycontextconstraint.yaml b/charts/shield/templates/host/openshift-securitycontextconstraint.yaml
index 40182e955..a7f05293d 100644
--- a/charts/shield/templates/host/openshift-securitycontextconstraint.yaml
+++ b/charts/shield/templates/host/openshift-securitycontextconstraint.yaml
@@ -13,8 +13,8 @@ allowHostIPC: false
 allowHostNetwork: true
 allowHostPID: true
 allowHostPorts: {{ or .Values.features.posture.host_posture.enabled (dig "prometheus_exporter" "enabled" false .Values.host.additional_settings) (dig "kspm_analyzer" "enabled" false .Values.host.additional_settings) }}
-allowPrivilegeEscalation: true
-allowPrivilegedContainer: true
+allowPrivilegeEscalation: {{ .Values.host.privileged }}
+allowPrivilegedContainer: {{ .Values.host.privileged }}
 {{- if .Values.host.privileged }}
 allowedCapabilities: []
 {{- else }}
diff --git a/charts/shield/tests/host/openshift-securitycontextconstraint_test.yaml b/charts/shield/tests/host/openshift-securitycontextconstraint_test.yaml
index 7f0cff17f..ff35e6f4b 100644
--- a/charts/shield/tests/host/openshift-securitycontextconstraint_test.yaml
+++ b/charts/shield/tests/host/openshift-securitycontextconstraint_test.yaml
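Review bot: `allowPrivilegeEscalation: {{ .Values.host.privileged }}` renders an empty scalar when `host.privileged` is not set, and as far as I recall from the SCC API an unspecified `allowPrivilegeEscalation` is treated as true (confirm against the OpenShift schema), so the permissive setting this commit means to remove would come back silently; `allowPrivilegedContainer` renders empty in the same case. Unless values.yaml (not in this diff) pins a default, emit an explicit boolean, e.g. `allowPrivilegeEscalation: {{ .Values.host.privileged | default false }}` and the same for `allowPrivilegedContainer`. That also keeps both fields consistent with the `{{- if .Values.host.privileged }}` branch just below, which already treats an unset value as false. The SCC definition continues outside the hunk.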
@@ -54,6 +54,37 @@ tests:
 path: allowedCapabilities
 value: []
 
+ - it: SecurityContextConstraints allowPrivilegeEscalation/allowPrivilegedContainer are true when host.privileged is true
+ capabilities:
+ apiVersions:
+ - security.openshift.io/v1
+ set:
+ host:
+ privileged: true
+ asserts:
+ - equal:
+ path: allowPrivilegeEscalation
+ value: true
+ - equal:
+ path: allowPrivilegedContainer
+ value: true
+
+ - it: SecurityContextConstraints allowPrivilegeEscalation/allowPrivilegedContainer are false when host.privileged is false
+ capabilities:
+ apiVersions:
+ - security.openshift.io/v1
+ set:
+ host:
+ privileged: false
+ driver: universal_ebpf
+ asserts:
+ - equal:
+ path: allowPrivilegeEscalation
+ value: false
+ - equal:
+ path: allowPrivilegedContainer
+ value: false
+
 - it: SecurityContextConstraints allowedCapabilities is not empty when host.privileged is false
 capabilities:
 apiVersions:
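Review bot: Neither new case covers `host.privileged` being left unset, which is exactly the input where the template now emits an empty scalar instead of a boolean; a third case with no `set.host.privileged` and an `equal` assert on both fields would pin that behaviour (the expected value depends on the chart's values.yaml default, which is not in this diff). The false case also sets `driver: universal_ebpf` without saying why, which reads as an unrelated setting; a comment such as `# required alongside privileged: false — presumably the chart's values validation rejects the default driver here; confirm` above that line would spare the next reader the guess. The `tests:` list continues outside the hunk.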