No Real-time AV used for many years. Closest I get is when testing HMPA 3 and scan with HMP. Occasionally run MBAM free. Both come up clean on scans. Run browser and certain apps "sandboxed". Limit extension add-ons in browser along with using a custom auto proxy configuration URL file for blocking. Harden OS which include reg tweaks, disable/remove Windows services and components along with using hardware/software firewalls for inbound/outbound connections. Admin account only used for installing/removing apps and any updates when needed, otherwise run as "restricted user". System-wide virtualization used when needed and of course many image backups available to restore OS. I limit security apps AMAP and felt AV wasn't no longer needed with my security setup.