from my experience i have used on Windows:
avast, but since they added that keylogger i do not trust them anymore.
AVG, but it was not that great.
Comodo, do not install their browser but the antivirus is actually good.
ClamWin, probably one of the worse at detecting "virus" but no shady company behind it.
Windows Defender, from the test i saw probably not much better than clamwin but with a much shadier company behind it.
Malwarbyte, only ever used it as a 2nd antimalware when i had doubt about my main one, seemed pretty good at the time better than AVG.
Avira, seems to work fairly decently, detects web ad based "virus" in memory somewhat regularly.
FortiClient, seems to actually not be as good at detecting resident stuff in memory than Avira.
And on linux i only used avast and Comodo as proper AV, with the lack of downloading executable from random sources i never had any detect anything, i am not quite sure if a proper antivirus is even needed with either SElinux or AppArmor
and the is a youtube channel specialized in testing AV, i think it is the PC Security Channel, may want to give a look
https://www.thepcsecuritychannel.com/tests
Are any of these capable of busting through VM ?
and yeah TP VMs are not the be all end all of security, pretty much all of the intel security flaws can be accessed from inside VM in javascript as is row-hammer, so getting out of the VM and loading into system memory is at least in theory possible.