I know hn has a pretty low opinion of antivirus software. Is XProtect and a skeptical view towards links and software enough to keep it secure, or should I do something else?
If it’s for personal use, I find the tooling found at Objective See’s website to be great. The RansomWhere utility can be noisy, but I don’t mind it. Link: https://objective-see.com/index.html
For enterprise use, I can highly recommend Crowdstrike Falcon.
You might try an endpoint security product like Kolide with a single-user org. Perhaps, it sounds like overkill, but there's a free trial period that you could use to button up any loose ends specifically.
I also run Malwarebytes regularly. It's never found anything for me personally, but I'm a very cautious user, and others I've recommended it to have found meaningful results that they didn't know otherwise.
Of all the traditional anti-virus tools, MalwareBytes seems to be the last one standing that doesn’t take a great deal of resources to run, and yet still scores well and finds virtually all the viruses and malware that it gets tested with.
So, if you’re deciding what to run for yourself, I would include MalwareBytes among the tools to consider. But it certainly wouldn’t be the only one.
For enterprise use, I can highly recommend Crowdstrike Falcon.