Anyone know if these two together are enough to block ransomware, or do I need to install 'Cryptoprevent' and/or some other ransomware-specific countermeasures?
One thing you need to do to stop WannaCry is disable SMBv1 in Control Panel > Program and Features.> Turn Windows Features on or off. Because it uses a vulnerability found in that module.
You could simply check for and if needed install the Microsoft patch and use whatever firewall your using to block SMB ports 137-139 & 445, the latter of which protects against any further vulnerabilities on these ports, as long as you don't need them to accept network connections.
Thanks to all that answered. In the end, Privatefirewall and Panda Antivirus proved too much for me to configure. I downgraded to the simpler (and likely less effective) Agnitum firewall and Avira Free Antivirus. Hopefully these, combined with my hardware firewall, will be enough.