Which feature is responsible for monitoring and responding to endpoint threats?

Endpoint Detection and Response is the capability designed to continuously monitor endpoint activity for signs of compromise and to take action to stop, investigate, and remediate threats. It goes beyond simple prevention by collecting telemetry, detecting unusual behavior, and generating alerts, then automatically or semi-automatically responding—such as isolating a device, terminating malicious processes, or enabling forensic data collection to understand how the breach happened. Antivirus protection focuses mainly on preventing known malware with signatures and heuristics, but it typically doesn’t provide the ongoing monitoring and rapid, automated response that EDR offers. File extensions and scanning compressed files are related to handling data or applying scanning techniques, not to the active detection and response workflow that protects endpoints in real time.