If we check host check process based upon the kernel thread instead of actual process, pulse secure linux client may failed to detected the process policy. A reliable way to check for kernel threads should be to call
/proc/$pid/exe and check its return code. If it succeeds then
$pid is a user process. If it fails with
ENOENT, then an extra
/proc/$pid/exe should tell apart the case of a kernel thread from a process that has just terminated.