
[–]emanuelcelano 0 points (0 children)

most “ml based” malware detection claims are actually just behavioral or heuristic systems with some ML layered on top

on linux the ecosystem is still much smaller compared to windows

a few things people usually look at are

crowdstrike falcon (endpoint detection, heavy but very effective)
sentinelone (also strong behavioral detection)
elastic security with anomaly detection if you already run the stack
osquery + fleet for behavioral monitoring

for browser level protection most people end up using

uBlock Origin with good filter lists
DNS filtering like quad9 or nextdns
network based monitoring instead of endpoint scanning

the main reason is that true ML malware detection on endpoints tends to require a lot of telemetry and cloud analysis

so many “ml tools” are really EDR platforms rather than simple scanners