Sean AKA Windows Kernel Expert and Fellow writes...
Windows already has something like eBPF in the kernel: DTrace. They announced the port in 2018. In Linux, all that kernel performance tooling built with eBPF, which could be used to gather heuristics and indicate security issues, was worked on by Brendan Gregg, the "shouting in the data center" guy from Sun Microsystems, where DTrace was developed. CrowdStrike could build something that uses DTrace to trap kernel syscalls and inspect behavior inside the kernel. If I were Microsoft, I would be working to build an entitlement into the kernel capabilities system which allows use of DTrace for certain signed pieces of software. Right now, if you enable DTrace, it's enabled for the whole system and is fantastic for bug hunting and hacking.
But I'm not Microsoft so I'll just keep using Kubuntu.
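A sketch of the syscall-level monitoring the comment has in mind, as an added example that is not part of the original post or of any vendor's product. It assumes DTrace for Windows with the `syscall` provider enabled (`bcdedit /set dtrace ON`, run from an elevated prompt); the specific NT syscall names used as probe functions are assumptions.

```d
#!/usr/sbin/dtrace -s
/* Added example: count syscalls per process and log process-handle
 * activity, the kind of behavioral heuristic an EDR could build on
 * DTrace. Assumes the Windows syscall provider exposes NT syscall
 * names (NtCreateUserProcess, NtOpenProcess) as probefunc. */
#pragma D option quiet

/* Aggregate every syscall by process image, pid and syscall name. */
syscall:::entry
{
    @calls[execname, pid, probefunc] = count();
}

/* Log the calls most relevant to process creation and cross-process
 * access as they happen, with a wall-clock timestamp. */
syscall::NtCreateUserProcess:entry,
syscall::NtOpenProcess:entry
{
    printf("%Y pid=%d %s -> %s\n", walltimestamp, pid, execname, probefunc);
}

/* On Ctrl-C, print the 20 busiest (process, syscall) pairs. */
dtrace:::END
{
    trunc(@calls, 20);
    printa("%-20s %6d %-28s %@d\n", @calls);
}
```

Save as a `.d` file and run it with `dtrace -s`; the aggregation is printed when you stop it with Ctrl-C.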