Is there some kind of global ad blocker on 2023 MacBook Air running Sonoma 14.5?

Using TotalAV is a waste of money and hope that it will block non-existent viruses, or prevent you from installing ads/malware that you install using your admin password. TotalAV may likely be interfering with not only the normal operating system behavior but also messing with normal Safari browsing.

I won't be the only one who recommends your thorough removal of not just TotalAV but any so-called anti-virus tools. Years of user posts here suggest that removing these fixes a host of problems.

I do not use any ad-blockers in Safari (my principal browser) because I got tired of the counter ad-blocker dialogs opening on websites that either want me to white list their site or remove my ad blocker.

My 2¢ on the subject:

First, there is no reason to ever install or run any 3rd party "cleaning", "optimizing", "speed-up", anti-virus, VPN or security apps on your Mac.  This documents describe what you need to know and do in order to protect your Mac: Effective defenses against malware and other threats - Apple Community and Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support.  

There are no known viruses, i.e. self propagating, for Macs.  There are, however, adware and malware which require the user to install although unwittingly most of the time thru sneaky links, etc.   

Anti Virus developers try to group all types as viruses into their ad campaigns of fear.  They do a poor job of the detecting and isolating the adware and malware.  Since there are no viruses these apps use up a lot of system resources searching for what is non-existent and adversely affect system and app performance.

There is one app, Malwarebytes, which was developed by a long time contributor to these forums and a highly respected member of the computer security community, that is designed solely to seek out adware and known malware and remove it.  The free version is more than adequate for most users.  

Unless you're using a true VPN tunnel, such as between you and your employer's, school's or bank's servers, they provide false security from a privacy standpoint.  Read these two articles: Public VPN's are anything but private and Security Risks: The Dangers of Using Free VPNs (eccu.edu)

Uninstall the A/V software according to the developer's instructions.

You can check to see if you've removed all of the supporting files by downloading and running the shareware app Find Any File to search for any files with the application's or the developer's name in the file name.  For TotalAV software you'd do the following search: 

1 - Name contains totalav

Any files that are found can be dragged from the search results window to the Desktop or Trash bin in the Dock for deletion.

FAF can search areas that Spotlight can't like invisible folders, system folders and packages.  

If you get warnings that the file can't be deleted because it is in use or used by another app boot into Safe Mode according to How to use safe mode on your Mac and delete from there.

Note:  if you have a wireless keyboard with rechargeable batteries connect it with its charging cable before booting into Safe Mode.  This makes it act as a wired keyboard as will assure a successful boot into Safe Mode.

I disabled everything in TotalAV.

Merely disabling non-Apple "anti-virus" products is insufficient. They have to be uninstalled in accordance with their uninstallation instructions.

Rule 1 of Macs is don't install junk. That goes for commercial VPN products as well.

Remove the add-on security apps, including any add-on VPN apps, any add-on anti-malware apps, any add-on cleaner apps, and related.

I might run 1Blocker as a Safari ad-blocking extension.

VPNs are not, in any way, security software.

Public VPN's are anything but private.

A VPN can do absolutely nothing to hide any data going between you and the site you're viewing since only half of the communication is encrypted. Anything going to the site from the VPN and back to it is in the clear, or the site you're accessing would have no idea what to do with the encrypted data.

A VPN has only two uses:

1. You're using it to send and receive content from a truly tunneled VPN at your place of employment. Only the servers at the office get the unencrypted data from you as output from the VPN. Anything coming back to you is encrypted. Meaning, anyone trying to capture data between you and the office will only ever see encrypted data. A hacker would have to somehow breach the business' server on the clear input/output side, or your end to get anything.

2. You're trying to hide yourself. Since a VPN encrypts what's coming back to you, it does a good job at hiding what IP address the data is going back to (and as the link mentions, even this doesn't do a good job of hiding you anymore). However, any and all VPN's log this data. If you do anything illegal and law enforcement tracks the clear data back to the VPN (and they can), they'll demand log data to see what IP address the data was output to. The site running the VPN will give you up. They aren't going to go to jail for what you do.

Free VPNs sell your data.  (just one of many sites explaining this)

This isn't exactly breaking news. It's been known for a very long time that free VPN's (in particular) log and sell your data. How else do you think they pay for their servers?

It's the same model as Google, and in particular, Chrome. You are the product. Chrome runs a background daemon from the moment you turn your computer on, whether Chrome itself is running or not. Its job is to constantly send anonymized data back to Google about your web and personal computer usage.

NordVPN is supposedly one of the better offerings. But it's still mostly useless. No matter what web site you're communicating with, only what you send to the VPN and it sends back to you is encrypted. Every bit of data out of the VPN to the site you're visiting, and from there back to the VPN is the same as using no VPN at all. It has to be, or the sites you're visiting would just get a load of encrypted data they can't do anything with.

VPN reviews you find online are also almost completely untrustworthy:

Former Malware Distributor Kape Technologies Now Owns ExpressVPN, CyberGhost, Private Internet Access, Zenmate, and a Collection of VPN “Review” Websites

Kurt Lang wrote:

VPNs are not, in any way, security software.

Public VPN's are anything but private.

A VPN can do absolutely nothing to hide any data going between you and the site you're viewing since only half of the communication is encrypted. Anything going to the site from the VPN and back to it is in the clear, or the site you're accessing would have no idea what to do with the encrypted data.

A VPN has only two uses:

1. You're using it to send and receive content from a truly tunneled VPN at your place of employment. Only the servers at the office get the unencrypted data from you as output from the VPN. Anything coming back to you is encrypted. Meaning, anyone trying to capture data between you and the office will only ever see encrypted data. A hacker would have to somehow breach the business' server on the clear input/output side, or your end to get anything.

It’s yet worse: the commercial VPN providers are mostly (entirely?) VPNs using widely-known credentials for the VPN itself, which means the first-few-hops part of connection that is claimed to be protected by the second tunnel (around the end-to-end tunnels already used) really isn’t all that doubly-protected. VPNs are easier to crack when you know the credentials, which means lots of added networking and encryption overhead for rather less benefit.

The private end-to-end VPNs used by organizations are at least using per-VPN credentials for the second (and end-to-end) encrypting tunnel. Which makes those tunnels harder to crack.

If y’all do need shifting for geolocation-based website or CDN testing or such, look at Algo.

2. You're trying to hide yourself. Since a VPN encrypts what's coming back to you, it does a good job at hiding what IP address the data is going back to (and as the link mentions, even this doesn't do a good job of hiding you anymore). However, any and all VPN's log this data. If you do anything illegal and law enforcement tracks the clear data back to the VPN (and they can), they'll demand log data to see what IP address the data was output to. The site running the VPN will give you up. They aren't going to go to jail for what you do.

Various of the “no logging” VPN services were found to be logging when the unsecured “non-existent” logs for those services were found on the open ‘net some years ago, too.

Addendum: if you're looking for an adblocker give Ghostery a try. It's free, efficient and non-invasive.

There are no known Windows-like Viruses in the wild that self replicate and affect macOS, because of the underling UNIX  Foundation and Permission Limitation. 

The Operating System resides in a Sealed and Read Only Volume that cannot be opened by the User nor by Third Party Applications.

The only Entity that can open and modify or alter this Volume is Apple.

The Only thing this Antivirus software is protecting is the Bank Account of the Developers and for zero return to the User aside from the problems this software creates.

Security. Built right in

Mac app security enhancements

 The Built in Security  is all that is required to protect the computer.

Protecting against malware in macOS

In fact, you may have experience with a Norton practice that involves sending notifications through Safari that your Mac is infected, etc. It was a very simple fix (removing two notifications), but TotalAV tech support had no idea how to accomplish it.

If nothing else that demonstrates its utter worthlessness. Browser Notifications are not malware, and they are easily disabled. One would think an "anti-virus" company ought to know that.

To stop unwanted Notifications read Stop unwanted Notifications - Apple Community. They can affect any browser, not just Safari. Furthermore, since they contain more lies than a White House press briefing, they may not even be propagated by Norton or McAfee or any of the other usual suspects. The goal of those Notifications is to frighten you into loading a web page that will contain even more fraudulent information, perhaps to convince you to buy some junk product, perhaps to deceive you into revealing personal information... etc. Stop unwanted Notifications - Apple Community describes the reason they appeared, and how to stop them from ever occurring again.

What is your advice regarding a VPN?

Kurt Lang's comprehensive reply is all you need to know about commercial VPNs (actually everyone's replies are also), although I'm not convinced the ones you pay for wouldn't sell your personal information anyway.

For reasons that I fail to understand, commercial VPN services have grown in popularity recently. Perhaps that's in response to the well-earned collapse of "anti-virus" products marketed to Mac users, and now the scaremongers have to find another revenue stream, but who knows. The principle of "follow the money" works every time. Mac users in particular are an enormous potential source for it.

PS: A recent example of VPNs adding problems, while not appreciably improving security:

Unable to connect to WiFi after restoring… - Apple Community