During a 3-day Internet outage here in March, Windows Defender without access to cloud protection (but hardened via Configure Defender) erred to the side of blocking suspicious items. It quarantined some old installers I had lying around while I was running a backup job, which I found reassuring.There are times when you have to work on confidential, sensitive stuff, so while you are working on these type of projects, you lose access to basically anything other than a select set of domains/websites that your organization requires you to work on. I recall a case or two in my life where I was in such kind of closed network that I couldn't even receive antivirus updates during the working hours. There's also the case of misconfigured proxy server access at certain workplaces which would temporarily stop your AV from gaining cloud access. Unfortunately, during such times, inside the workplace, using pen drive or local intranet file transfer is still very much in vogue due to convenience factors. It is in such cases that you can get infected, and yes it has happened a few times. Of course, your AV would pick it up as soon as it got access to the net/cloud again, but it's probably not a great idea to leave a malware hanging in your computer a long while.
That's why cloud systems are not supposed to completely replace signature based systems, over dependency on cloud has a lot of negative aspects. This is a good reason why Avira and BitDefender are in fact strong candidates and well regarded in the industry: they do not need the cloud to deliver a good protection.
Ironically, I believe that Century Link (as well as some other ISPs) used its own branded version of G-Mail. I never used or trusted it.Like any email, without the snooping of Yahoo, Google, etc.