Just because everyone does it doesn't not make it a dumb idea. Everyone eats sugar.
If the average corporation hates/mistrusts their employees enough to add a single point of failure to their entire business and let a 3rd party have full access to their systems, then well, they reap what they sow.
I think you have to look beyond the company. In my experience, even the people implementing these tools hate them and rarely have some evil desire to spy on their employees and slow down their laptops. But without them as part of the IT suite, the company can't tick the EDR or AV box, pass a certain certification, land a certain type of customer, etc. It is certainly an unfortunate cycle.
This goes way higher than the average corporation.
This is companies trying desperately to deliver value to their customer at a profit while also maintaining SOC 2, GDPR, PCI, HIPAA, etc. compliance.
If you're not a cybersecurity company, a company like CrowdStrike saying: 'hey, pay us a monthly fee and we'll ensure you're 100% compliant _and_ protected' sounds like a dream come true. Until today, it probably was! Hell, even after today, when the dust settles, still probably worth it.
If the average corporation hates/mistrusts their employees enough to add a single point of failure to their entire business and let a 3rd party have full access to their systems, then well, they reap what they sow.