This in general is a hard problem, but I recommend partnering with a university that has a strong information security and computer science program.
CrowdStrike has a very good system for detecting these "abnormal behavior" events at scale.
You will need to ingest a large amount of data to a central log server that collects all of the macOS logs.
With a machine learning approach, you will need a large list of anomalies.
You can also try things like an "artificial ignorance" approach, where you alert the first time a user runs a new program. But it will be hard to filter out a "bad software install" compared with regular installs.
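As an added example (not part of the original answer, and not code from any product mentioned), the "artificial ignorance" idea sketched above in Python: learn a per-user baseline of executables from a learning window of centrally collected logs, then alert the first time a user runs an executable outside that baseline. The log line format, the sample lines and the hostnames are constructed for the example, and the "standard vs. nonstandard install location" tag is an assumed triage heuristic only; as the answer says, it does not by itself separate a bad install from a legitimate one.

```python
import re
from collections import defaultdict

# Constructed line format, not a real macOS unified-log layout:
#   "<YYYY-MM-DD HH:MM:SS> <host> exec user=<user> path=<executable path>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"exec user=(?P<user>\S+) path=(?P<path>\S+)$"
)

# Assumed heuristic: executables under these prefixes are "standard" locations; anything
# else (temp dirs, home dirs, mounted images) is tagged for closer triage.
STANDARD_PREFIXES = ("/usr/bin/", "/bin/", "/usr/sbin/", "/sbin/", "/System/", "/Applications/")

# Constructed sample data: the learning window and the detection window.
LEARNING_LOGS = [
    "2024-03-01 09:00:01 mac-01 exec user=alice path=/usr/bin/git",
    "2024-03-01 09:05:12 mac-01 exec user=alice path=/Applications/Slack.app/Contents/MacOS/Slack",
    "2024-03-01 09:10:00 mac-02 exec user=bob path=/usr/bin/python3",
]
DETECTION_LOGS = [
    "2024-03-02 10:00:00 mac-01 exec user=alice path=/usr/bin/git",
    "2024-03-02 10:02:30 mac-01 exec user=alice path=/private/tmp/updater",
    "2024-03-02 10:03:00 mac-01 exec user=alice path=/private/tmp/updater",
    "2024-03-02 10:05:00 mac-02 exec user=bob path=/Applications/zoom.us.app/Contents/MacOS/zoom.us",
    "this line is malformed and must be skipped",
]


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def build_baseline(lines):
    """Learn the set of executables each user ran during the learning window."""
    baseline = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec:
            baseline[rec["user"]].add(rec["path"])
    return baseline


def classify_location(path):
    """Assumed triage tag: is the executable in a standard install location?"""
    return "standard" if path.startswith(STANDARD_PREFIXES) else "nonstandard"


def detect_first_seen(lines, baseline):
    """Alert on the first execution of a (user, path) pair not in the baseline.

    The baseline is updated in place, so a second run of the same executable is silent.
    """
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed or unrelated line; in practice count these for pipeline health
        seen = baseline[rec["user"]]
        if rec["path"] not in seen:
            seen.add(rec["path"])
            alerts.append({
                "ts": rec["ts"],
                "host": rec["host"],
                "user": rec["user"],
                "path": rec["path"],
                "location": classify_location(rec["path"]),
            })
    return alerts


def run_demo():
    """Learn from the constructed learning window, then detect over the detection window."""
    baseline = build_baseline(LEARNING_LOGS)
    return detect_first_seen(DETECTION_LOGS, baseline)


if __name__ == "__main__":
    for a in run_demo():
        print(f"{a['ts']} {a['host']} user={a['user']} first run of {a['path']} ({a['location']})")
```

Two of the four well-formed detection lines alert: alice's first run of `/private/tmp/updater` (tagged nonstandard) and bob's first run of the Zoom binary (tagged standard). The repeated updater run is silent because the baseline was updated on first sight, which is the behaviour that keeps this approach from flooding the analyst with duplicates.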
Topic: Machine Learning & AI
SubTopic: General