Not to jump at you in another comment thread, but any OS that is deployed in a business environment should have some form of endpoint protection installed unless it is fully airgapped + isolated.

Despite the myth that “Linux doesn’t get malware”, it absolutely does and should have protection installed. Even if the OS itself was immune to infection, any possible update can introduce a vulnerability to that.

Additionally, again, even if the OS (or kernel in the case of linux) couldn’t be infected or attacked, the packages or services installed can be attacked, infected, or otherwise messed with and should be protected.