How many threats has it detected for you? I ran it for a decade or so and it caught exactly zero, so then I decided to disable it, because it makes file system access about 5-10x slower than it can be on my NVMe drive. Not bandwidth, but I/O syscalls. So things like node_modules become a real pain.