TLDR: use threat protection, use virustotal to check specifics
The efficacy of antivirus comes and goes. I think itās important to use something and less important what you use. I like checking things against virustotal when Iām not sure because itās many different engines and I can gauge how many of them think the thing Iām looking at is malicious.
Prior to defender getting moved to the current team, it was a bit of a joke. And there was something to be said for having a third party do scanning. But the current team is pretty awesome and the focus on changing defender into an enterprise viable threat management system has had great benefits for home users.
The best thing you can do is be careful. But everyone makes mistakes, which is what threat protection is for. Like I said, I compare apps against virustotal. Heuristic scanning, behavior analysis, and Potentially Unwanted Program scanning is generally going to pick up anything that injects into something else because that is a behavior of potentially unwanted programs.
I donāt usually recommend not scanning directories at all, but customizing exceptions for what you specifically need. Of course, the level of effort involved in that is higher and that leads into the āsecurity vs usabilityā conversation which everyone has different thresholds for.