Using a standard (limited rights) account can improve the security of your system against malware - it really depends on the situation, for example, what the malware on your system is trying to do.
Normally, security software starts up one way or another as the system is booting (usually through a device driver which would come together with a windows service). They also avoid having User Account Control prompts after the user logs in, whilst keeping administrator (or SYSTEM) rights on their processes. This means, even if you are using a standard account on Windows, the security software should still function correctly without requiring User Account Control consent all the time. Although, I should point out that there are less advanced or matured security products out there which will not function properly without the required privileges, nor have the ability to work like the bigger security products and sort themselves out without requiring regular User Account Control consent from the user.
If you wish to install or tamper with the installation of existing security software, usually this will require administrator rights. For example,
if you wanted to install Avast Antivirus you would require administrator rights (since the installer would wish to do things which more desired rights are required to do due to windows security - such as install device drivers, drop in protected directories like Program Files, etc).
In terms of a ransomware infection,
I personally believe that having UAC enabled (on an admin account) would help protect the system. The reason for this is because
more popular ransomware infections tend to perform little tricks on the system which usually would require additional privileges (such as administrator privileges) to prevent the cancelling of the encryption by the user and help evade detection during encryption process. These tricks can include
process manipulation attacking towards a legitimate windows process running in the background (examples of this would include csrss.exe), where the purpose would be for the encryption code to execute from the windows process so if the user found the ransomware process and terminated it,
the encryption process would still continue without the user even being further aware of the situation (and if no current security prevented this attack, I doubt an on-demand scan would usually catch this activity out after its been done). Such tricks like attacking a windows process would require the launcher of the ransomware to have the correct rights to do such a thing; these rights can be obtained through using both documented and undocumented APIs in Windows, however I should note that to use these APIs for success of the accomplished goal,
the program would need to be running as administrator anyway.
As well as this, further apart from "tricks" which ransomware may or may not use (because they are not always used, and the one described above is for more advanced ransomware attacks), administrative privileges would be required to do things such as access protected directories (like Program Files directory), install device drivers on the system, perform auto-run modifications to have a program start for all users on the system (through HKEY_LOCAL_MACHINE), create tasks using the task scheduler and other things. Therefore, you can also be better protected from a wide variety of infections, not just ransomware attacks.
You could set up some tricks of your own against ransomware attacks (or any malware without administrative rights). You could create your own folder in a protected directory and then store some really important personal documents in there instead. Meaning, when ransomware comes along and tries to encrypt, if it doesn't have the correct privileges (administrator or higher), then it won't be able to access the directory to encrypt the files.
If you are careful and double check which programs you allow to run with administrative rights, you can safeguard your system from a wide variety of potential malware attacks. User Account Control is one of the most underrated security features in Windows, I see people rate it negatively all the time, however it's actually very good when used correctly. The aim of it isn't to auto-block malware, it's down to you to decide which programs should be granted "special privileges" if you prefer that term; use it wisely and you will be better protected.
That's not to say that all malware requires administrative privileges. Some malware will not require additional privileges than the standard to function - it really depends on the type of malware infection taking place, the goals from the attacker. In fact, targeted and sophisticated malware may even exploit features like UAC silently. But even then,
if you are careful with what you download and the websites you visit, you can better protect yourself from malware which only requires the littlest of privileges, no matter of the purpose behind the attack.
In my opinion, you may as well just use an Administrator account with UAC enabled and set to Always Notify. This approach is useful, as well as providing more rights to your account as a whole.
I know this post was really long, much longer than you expected. I tried to cut it down but I have some sort of addiction to detail. If you do not understand anything, don't hesitate to ask me to explain it differently. If I misunderstood your questions, then I am really sorry.
Hope this helped.