alt Hacker NewsLot's of enterprises are enabling whitelisting of apps launching using some sort of tooling - I think Microsoft provides one, and CrowdStrike etc. It's likely the delay involves a call to a backend application or even sometimes a web server. This would be on top of real-time scanning of every file before it's opened.
Replies
Yes, it's usually a filter driver that delays execution until something like a hash is checked or other rules evaluate. Some products hash every interesting/executable file on the PC. They're powerful tools but can be extremely performance-sapping.
True ... my company recently started deploying endpoint protection like crowdstrike, beyondtrust, zscalet onto our macs and these have slowed my machine considerably. They somehow spike the CPU just when I am doing something important.
Microsoft has AppLocker (since Win7, I think). If you give it a curated whitelist it's actually quite alright and manages well via GPO. (until you manage to lock yourself out ;) Much less overhead than any 3rd party tool that hooks the kernel.