diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 62d6f43f..96e059f4 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -1550,7 +1550,7 @@
 and not proc.name in (user_known_change_thread_namespace_binaries)
 and not proc.name startswith "runc"
 and not proc.cmdline startswith "containerd"
- and not proc.pname in (sysdigcloud_binaries)
+ and not proc.pname in (sysdigcloud_binaries, hyperkube, kubelet)
 and not python_running_sdchecks
 and not java_running_sdjagent
 and not kubelet_running_loopback
diff --git a/test/falco_tests.yaml b/test/falco_tests.yaml
index 801c1678..f61a8b85 100644
--- a/test/falco_tests.yaml
+++ b/test/falco_tests.yaml
@@ -689,7 +689,7 @@ trace_files: !mux
 - "Non sudo setuid": 1
 - "Create files below dev": 1
 - "Modify binary dirs": 2
- - "Change thread namespace": 2
+ - "Change thread namespace": 1
 disabled_tags_a:
 detect: True
diff --git a/test/falco_traces.yaml.in b/test/falco_traces.yaml.in
index bfc146b1..f9e535cc 100644
--- a/test/falco_traces.yaml.in
+++ b/test/falco_traces.yaml.in
@@ -26,7 +26,7 @@ traces: !mux
 detect: True
 detect_level: NOTICE
 detect_counts:
- - "Change thread namespace": 2
+ - "Change thread namespace": 1
 container-privileged:
 trace_file: traces-positive/container-privileged.scap
@@ -73,7 +73,7 @@ traces: !mux
 - "Non sudo setuid": 1
 - "Create files below dev": 1
 - "Modify binary dirs": 2
- - "Change thread namespace": 2
+ - "Change thread namespace": 1
 mkdir-binary-dirs:
 trace_file: traces-positive/mkdir-binary-dirs.scap
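Review bot: In the rules/falco_rules.yaml hunk, the widened exemption `and not proc.pname in (sysdigcloud_binaries, hyperkube, kubelet)` matches on the parent's process name alone, so the rule goes quiet for every namespace change whose parent reports one of those names; nothing visible in the hunk ties the match to the real kubelet binary or limits it to the host. The expected "Change thread namespace" count drops from 2 to 1 in test/falco_tests.yaml and test/falco_traces.yaml.in, which suggests one event in those captures is now suppressed, so it is worth confirming that event really is kubelet/hyperkube activity and not the behaviour the trace was recorded to catch. I would at least record the trade-off above the line, for example `# kubelet/hyperkube presumably change namespaces in normal operation; exempted by parent name only`, and consider pairing the name with a second attribute of the parent rather than only lengthening the list. The rule's condition starts and ends outside the hunk.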