These security tools need to block any system call they don't recognize (fail closed). Obviously this breaks some apps but the alternative is huge security holes.
Maybe not blocking, but the problem is that they rely on system calls for visability for system events and that's the problem because we have mechanisms like io_uring which can allow attackers to so certain actions without making any system calls.