How does EDR complement traditional antivirus?

EDR extends antivirus by continuously monitoring and recording endpoint behaviors to enable proactive threat hunting and rapid containment, rather than relying solely on signature-based alerts. It gathers rich telemetry from processes, file and registry activity, memory, network connections, and user actions, giving security teams a detailed view of what’s happening on each endpoint. This behavioral data makes it possible to spot unknown or fileless threats that don’t match existing signatures, trace an attack’s progression, and understand how it moved through the environment. With this context, teams can act quickly to contain or remediate—such as isolating a compromised device or stopping malicious activity—without waiting for a signature update. While traditional antivirus focuses on known malware patterns, EDR provides the visibility and response capabilities to address advanced or evolving threats. The other options don’t fit because EDR is not meant to replace all network security appliances like firewalls or VPNs, it doesn’t automatically fix every piece of malware without some human or policy-driven intervention, and vulnerability scanning is a different function that assesses weaknesses rather than monitoring ongoing endpoint activity.