I dare to disagree with above eminences
SRP is a build-in mechanism which hardly cost processing power. Windows does not need scripts to run for updates in user folders. I can;t see why average users need scripts to run in user folders. Most of CruelSister's made malware is started through risky file extensions. Plenty of reasons to use Andy's SWH as companion to block risky file extensions in user folders. The weak point of SRP is that this security mechanism itself also lives in userland.
Windows Defender on MAX has excellent embedded code protection for mail and office documents. Windows Defender on Max uses less CPU than WD on High or High+ and acts as a cloud whitelist for executable's. The weak point of (the very strong cloud whitelist) is that it is a huge and massive whitelist (a smaller whitelist is a more secure whitelist) and it has a very limited (only the ASR part) parent-child process monitor to deal with staged attacks.
Microsoft offers WDAC and Smart Application Control on top of these Windows mechanism to overcome the weaknesses mentioned. I look at CyberLock as a more granular and flexible WDAC or SAC and it remembers your decisions (in contrast to UAC). So why would SWH and WD-max be an overkill with CL, when CyberLock functions an improved (AI based) UAC/SAC?
The best reason to choose CL over SAC is that CL is backed by a developer who reacts rapidly on user issues (try that with M$ when SAC blocks your el cheapo unsigned restaurant menu designer).