Hmm that's a nice idea and I did this before but testing in a VM can be done without using Shadow Defender specially with Oracle VM Virtual Box as it has snapshot feature unlike VmWare Player. I test other AVs on a Windows 7 VM but I had a constant CPU usage problem with Windows 10 in a vm so didn't try after that.You could run Shadowdefender on your host and run your tests in a VM. that is what I do.
I think most people don't even run into any malware in general. Almost everyday in my country I see people posting screenshots about their files got encrypted. And 99.99% of the time the reason is they downloaded a cracked program or game from some random site and either they turned off their AV before running that file or if it's a Windows 7 user then most of them didn't even have any AV installed.Good thing most people don’t run in to large packs of malware running around in the wild!
Excluding Windows Defender, Kaspersky is the most used AV here. They have a huge market share as they were first to come here and promote and sell AVs. According to Kaspersky's latest report, my country is number 1 in their list of countries with most ransomwares attack. Like I said above, all those are related to creaked programs. People with good browsing habits are rarely infected.