Lots of enterprises are enabling whitelisting of apps launching using some sort of tooling - I think Microsoft provides one, and CrowdStrike etc. It's likely the delay involves a call to a backend application or even sometimes a web server. This would be on top of real-time scanning of every file before it's opened.

Yes, it's usually a filter driver that delays execution until something like a hash is checked or other rules evaluate. Some products hash every interesting/executable file on the PC. They're powerful tools but can be extremely performance-sapping.

Microsoft has AppLocker (since Win7, I think). If you give it a curated whitelist it's actually quite alright and manages well via GPO (until you manage to lock yourself out ;). Much less overhead than any 3rd-party tool that hooks the kernel.

True ... my company recently started deploying endpoint protection like CrowdStrike, BeyondTrust, Zscaler onto our Macs and these have slowed my machine considerably. They somehow spike the CPU just when I am doing something important.

Those are basically spyware hooked to every system call.