Using this tool requires disabling SIP, so not "easily bypassed" at least from a malware perspective.