Maybe you missed CVE-2018-0986 (https://portal.msrc.microsoft.com/en-US/security-guidance/ad...) and other related notices for Defender and other products, but it's not a great idea these days to let poor-quality (remember, MS fired its QA), highly privileged software like Windows Defender or other antiviruses run and automatically scan every file (or worse, as some newer systems are doing, attach themselves to every process and scan their memory), since that software is itself vulnerable to exploits.
Admittedly the link I posted goes a bit beyond what's strictly needed, but it captures the spirit of the classic Windows setup. It used to be, you buy a new machine, first thing you do is wipe the pre-installed Windows (and all the crap the machine's seller put on there), hope there's not a rootkit (Lenovo, Sony), then install vanilla Windows, then install your graphics drivers... Now it's wipe the pre-installed Windows Home, go buy Windows Professional and then install that, go through the above link to vanilla-ize it and get rid of the pre-installed crap plus take back control of your privacy and machine behavior, then you're ready to download graphics drivers and so on...