I agree with Commvault. We enabled the option the Friday evening when talks about WannaCry getting to the United States. It has not changed anything as far as performance that we have seen so far. Additionally, it was safe to say that our mount paths were protected by this new option, along with the alert for Ransomware, and a Job Summary report to our leadership showing there were no unexpected backup jobs that grew more than 30%. Anything above 30% that was in the report was easily identifiable and happened to be Linux systems running Oracle RAC. Thanks, Commvault. Great option especially with only allowing Commvault processes to access the media.
Just think about how bad things could get if your mount paths were infected with ransomeware and that should be enough to motivate enabling this option, especially if you have any experience cleaning WannaCry off of a system. We had around 1,000 clients infected - mostly vendor maintained that were not able to traverse to another network segment. We enabled it on all 40 Media Agents and were the only technical team to not get hit. If you do one you may as well do them all - more so if they share the same mount path.
Hope this helps.