- Don't disable Secure Boot, Windows Defender and Windows Firewall
- If you really think updates are annoying shift the monthly updates by one month BUT always confirm the security updates
- If you have a PRO license give a try to VBS [0] and Controlled Folder access [1] (spoiler: this will be a little annoying at the beginning but will became almost perfect with a well configured whitelist)
- Also from the next (major) patch you should use Windows Sandbox [2] to run untrusted software(still a PRO feature)