Ok, for me this is a minefield of a topic. I’m usually called paranoid and extremist. So let me explain it with 5 recomendations:
First and foremost all your data should be encrypted and backed up as frequently as possible. (Multiple times on different locations.) This premise I see as a non negotiable.
Second be careful on your day to day, and don’t go around opening things, just because you are curious. (Downloading from trusted sources, always use the provided Checksum, etc.)
Third, always install it first in a burner PC. Nowadays is awfully easy and a no brainer since you can create a Virtual machine and install a OS for testing for free. (Even Microsoft provides ISOs for this.)
This Machine is the one that needs a separate Antivirus. Even multiple ones. Be as paranoid as you want, Just be sure you keep all the virus definitions up to date.
Fourth, On the Main OS Simply use the included one on Windows10, it’s fully merged with windows, doesn’t take much resources offers a lower attack surface area for malicious software, is not intrusive on your daily activities, and more important than anything is almost as good as separate AV software. I’m talking 97% detection rate VS 98% for other antivirus. Microsoft shares his definitions with all other manufacturers.
Fifth, Keep your OS and all your software updated. No antivirus is going to make your PC safe, (look point one again). Because of this reinstalling a OS from Zero every so often still is the best way of protecting yourself. If you got infected in some place, or by some app that uses a zero day exploit this is going to be your only option.
I personally use a Sixth one, install only what you use. Deny execution permision to anything else. (Whitelist what you want running, everything else is denied by default.)