I don’t trust any one product as an end-all/be-all solution while not discounting that for the vast majority of users a single choice is the only solution.
The universe of consumer end point products is so broad (the word antivirus in this thread’s subject should be in quotes), it’s been almost a decade that I stopped making any recommendation to acquaintances who know or hear that I have a slew of industry certifications and 20+ years in the business.
But since you asked And I’ve been wanting to write this up for a long time geek pal anyhow, although this here is abbreviated somewhat.
DNS - 184.108.40.206 220.127.116.11 (Quad9, the PCH & IBM X-Force cooperative product)
• For my primary system, Windows 7:
MS Security Essentials. I created a scheduled task to run every four hours “MpCmdRun.exe -SignatureUpdate” under the SYSTEM account. As MS updates several times a day, this is far more efficient than waiting on a server push. “Signature” is inaccurate as MS refers to these as Definitions, three of 'em: antivirus, antispyware and network inspection system (NIS). See FYI below.
SpyShelter Anti-keylogger, default settings.
AppCheck Pro Anti-Ramsomware, exploit protection disabled because…
Malwarebytes Anti-Exploit, considerably tweaked.
• For two secondary systems running Widows 10, home and pro:
Windows default protection (Defender, SmartScreen, UAC, etc. etc.)
The aforementioned signature update scheduled task.
AppCheck Pro Anti-Ramsomware
• All systems, browser protection in Firefox 60.x ESR:
Deceptive Content and Dangerous Software Protection, enabled
Substantial tweaks to about:config prefs beyond the scope of this discussion, but these extensions will suffice with minimal burden on the user:
AdGuard, phishing and malware protection enabled and using these filter sets:
-AdGuard Base, Spyware, Social Media, Annoyances (the latter two, optional)
-NoCoin Filter List
My stand-alone on-access scanning choices:
Emsisoft Emergency Kit.
ESET online scanner, but run from a local install (it can be done).
That’s it, but furthermore…
FYI on MSSE & Windows 8 & 10 Defender updates:
You might see “No new threats have been identified in this definition update” and/or “No threat detections were updated in this definition update” as the global push schemes might not coincide with new stuff at any given point in time. Thought there is a new version number, it’s basically telling MSSE or Defender, “Keep going with what you got.”
IMHO, AppCheck Anti-Ramsomware Free is quite capable.
The Windows 10 Pro system is running with an ancient Core 2 Duo E8400, G35 chipset and 4 GB RAM and my described system and browser setups present no significant slowdowns and no conflicts or depreciation due to redundancy.
For about six weeks, I’ve been successfully using the experimental DNS over HTTPS (DoH) mode 2 with Cloudflare in Firefox on my Win7 system. This process is exclusive to Firefox connectivity. Your system DNS settings and operation remain unaffected nor does system DNS care about what that’s doing in Firefox.
Try this if you’re looking for geek fun and bragging rights. For more info, Google is your friend.