I can't go default deny because I use my laptop for programming but I've tweaked Windows Defender using Group Policy Editor.Looks good to me. Have you applied any OS hardening of any kind?
One suggestion, if you are not already aware of it, is Hard_Configurator. It is a GUI to apply hardening via SRP. It was created and is maintained by @Andy Ful for W10 Home, but you may use it on Pro. You may find it here:
It started freezing my laptop when I'm on battery so I rolled back and went with Panda Dome Free, I can't even feel that it's running in the background.Let us know how it goes with BD. It had some bugs when I used it 6 months ago.
This is kind of funny though: "Default - Settings are balanced for security and performance" since that's all there is to it.
I always use 7-ZipI don't know what your archiver is but please consider using Bandizip or bandizip portable
It will save you from a lot of infections because Panda free is in a weaker sode compared to other well-known AVs
BitDefender Traffic Light is way better than WDBP also I use CleanBrowsing DNS.also please consider installing Windows defender browser protection extension for chrome since panda has a virtually useless webfilter