Ask HN: Do immutable OS's make kernel-level anti-virus obsolete?
2 points by gausswho on July 20, 2024 | 4 comments
Immutable OSes provide a read-only core system. Does this mean that the kind of kernel-level threat mitigations that non-immutable operating systems use (anti-virus, anti-cheat) are unnecessary, or could be solved in a less risky or intrusive way?

Examples would be: Chrome OS, Fedora Silverblue



No. A big part of what drives systems like CrowdStrike is ransomware, which from the kernel's perspective is just an ordinary program doing ordinary file I/O. They don't change the OS, so being immutable is of no help. BTW, modern macOS is also immutable in the sense you're thinking.

What's needed is mandatory sandboxing of all software. ChromeOS does that, Android does that. Desktop OSes are more general, and whilst macOS does now sandbox all apps out of the box, it's a relatively soft sandbox. So EDR still has value there, but less so.

Unfortunately Windows is by now more than 15 years behind the curve on desktop OS security. Apple is way ahead. Linux barely tries to compete.
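Added illustration of the point in the reply above (not code from the thread or from any vendor): ransomware never has to touch the read-only root, it only needs ordinary write and rename access to the user's own files, so what an EDR actually watches is behaviour. The toy below scores a constructed file-event trace, all under /home, with two heuristics: high-entropy overwrites of document files, and renames of documents to a non-document extension, bursting across more than one directory in a short window. The extension list, thresholds, process names and the whole event trace are assumptions made up for the example.

```python
"""Toy behavioural ransomware detector over a constructed file-event stream.

Every path in the sample trace is under /home: a read-only root filesystem
is irrelevant to a process that only needs write access to the user's files.
Thresholds and the document-extension list are assumptions for this example.
"""
import math
from collections import defaultdict
from dataclasses import dataclass, field
from typing import List, Optional

# Extensions treated as "user documents" (assumption; tune per environment).
DOC_EXT = {".docx", ".pdf", ".jpg", ".txt", ".xlsx"}


@dataclass
class FileEvent:
    ts: float                   # seconds since start of trace
    pid: int
    proc: str
    op: str                     # "write" or "rename"
    path: str                   # written path, or rename destination
    src: Optional[str] = None   # rename source (renames only)
    data: bytes = b""           # bytes written (writes only)


@dataclass
class Verdict:
    proc: str
    flagged: bool = False
    reasons: List[str] = field(default_factory=list)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniformly random (ciphertext-like), prose is ~4-5."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_document(path: str) -> bool:
    return any(path.lower().endswith(e) for e in DOC_EXT)


def dirname(path: str) -> str:
    return path.rsplit("/", 1)[0]


def is_suspicious(ev: FileEvent, high_entropy: float = 7.0) -> bool:
    # Rule A: a document is overwritten with ciphertext-like bytes.
    if ev.op == "write":
        return is_document(ev.path) and shannon_entropy(ev.data) >= high_entropy
    # Rule B: a document is renamed to a non-document extension (.locked etc.).
    if ev.op == "rename" and ev.src is not None:
        return is_document(ev.src) and not is_document(ev.path)
    return False


def detect(events, window=10.0, min_hits=5, high_entropy=7.0):
    """Flag a pid when >= min_hits suspicious ops hit >= 2 directories within `window` seconds."""
    by_pid = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_pid[ev.pid].append(ev)
    verdicts = {}
    for pid, evs in by_pid.items():
        v = Verdict(proc=evs[0].proc)
        sus = [e for e in evs if is_suspicious(e, high_entropy)]
        i = 0
        for j in range(len(sus)):           # sliding time window over suspicious ops
            while sus[j].ts - sus[i].ts > window:
                i += 1
            span = sus[i:j + 1]
            dirs = {dirname(e.path) for e in span}
            if len(span) >= min_hits and len(dirs) >= 2:
                v.flagged = True
                v.reasons.append(f"{len(span)} suspicious file ops across {len(dirs)} dirs in {window}s")
                break
        verdicts[pid] = v
    return verdicts


# Constructed sample trace (not real telemetry).
CIPHERTEXT = bytes(range(256)) * 4      # every byte value equally often: entropy exactly 8.0
SAMPLE_EVENTS = [
    # benign: an editor saving a document (low entropy, document extension)
    FileEvent(0.0, 1001, "libreoffice", "write", "/home/u/Documents/report.docx",
              data=b"Quarterly results and commentary. " * 30),
    # benign: a backup tool writing one compressed archive (high entropy, but not a document)
    FileEvent(1.0, 2002, "tar", "write", "/home/u/backups/home.tar.gz", data=CIPHERTEXT),
]
_t = 2.0
for _f in ["/home/u/Documents/report.docx", "/home/u/Documents/budget.xlsx",
           "/home/u/Documents/notes.txt", "/home/u/Pictures/cat.jpg",
           "/home/u/Pictures/dog.jpg", "/home/u/Pictures/trip.jpg"]:
    # locker: overwrite each document with ciphertext, then rename it to .locked
    SAMPLE_EVENTS.append(FileEvent(_t, 4242, "locker", "write", _f, data=CIPHERTEXT))
    SAMPLE_EVENTS.append(FileEvent(_t + 0.05, 4242, "locker", "rename", _f + ".locked", src=_f))
    _t += 0.1

if __name__ == "__main__":
    for pid, v in detect(SAMPLE_EVENTS).items():
        print(pid, v.proc, "FLAGGED" if v.flagged else "ok", "; ".join(v.reasons))
```

Only the "locker" process trips the detector; the editor and the backup tool do not, even though tar writes high-entropy bytes too. Real EDRs combine many more signals (process lineage, shadow-copy deletion, canary files) and attackers do evade simple rules like these; the point is that none of this logic cares whether /usr is writable.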


You raise that what's needed is mandatory sandboxing. Is this sufficient to mitigate the threat of ransomware or would kernel-level tools still provide more protection?

I'm also curious if there are any Linux options other than Chrome OS that provide what you feel is close to the desktop OS security of Mac OS.


It can help a bit, yes. For example, Mac apps have to ask before accessing your Documents folder. But nothing stops the user just clicking yes, except notarization (server-side virus scanning) and client-side AV like the built-in XProtect.

Re: Linux. Not really no.


Does not ransomware already have a much less invasive solution in the form of offline backups?



