Actually, OSArmor only handles attacks that attempt to 'misuse' Windows' own exe's. Like using SC to stop your protection service. Or using Powershell to run a malicious script. Most of the times, these are hacker attacks, and OSArmor handles it well.
And then you are relying on Norton to catch foreign exe's that are malware. Well, we all know that anti-malware are mostly signature based, and cannot be relied upon totally. And their behavioural detection is also based off previously found malware samples. Signature based solutions has their uses, they stop known malware. But they cannot be relied upon to protect you against something new. And if you are install-happy and tries everything new, then you need something else.
So I would add Faronics Anti-executable or VoodooShield, because they are anti-executables. Anti-executables take a snap-shot of your clean machine and from then on, it doesn't allow any foreign executables to run. With Faronics it prompts you, and with VoodooShield it goes online to search it's reputation database, and then it prompts you with the results of the reputation check. So an anti-exe will definitely stop any malware because they are foreign to the system. A pure anti-exe, like Faronics, couldn't care less if something is malware, if it is foreign, it prompts you.
An anti-exe, together with OSArmor would provide close to total coverage. The anti-exe stops the new stuff, and OSArmor stops misuse of Window's own stuff.
To close the remaining gaps, you would disable things you don't normally use. Like certain services. A list of services that can be disabled is given at
Harden Windows 11 for Security. How to secure Windows 11. . And then, you uninstall apps that comes with Windows that you don't use, like Power Automate. In doing so, you will reduce your attack surface further.
