If you are going to use the real user profile to launch exploitable apps, then I would use AppGuard and\or HMP.A.
Using the real user profile to execute any unknown\untrusted programs is just plain asking for trouble.
A lot of security soft protections will not work in ReHIPSUser profile -- because those softs do not support multiple active user profiles; their protections will work for C:\Users\User but not C:\Users\ReHIPSUser. A case in point is AppGuard. Guarded Apps work for the real user, but all ReHIPS isolated apps are launched Un-Guarded.
All I can say is that it depends upon how you use the real user profile (desktop).
That being said, if you use ReHIPS as recommended, then you really have no need to use anything else. For best real user profile protection, I recommend AppGuard.
The AppGuard + ReHIPS combo = software restriction policy + non-hook HIPS, command line monitoring, program containment with restricted file system and registry access, and network access control (for isolated apps).
If you keep all exploitable, network facing apps isolated from each other -- it is as good security as you can get without making your security config a whole lot less user-unfriendly.
* * * * *
I really tried to mess with the real user file system and registry from inside an isolated environment, but could not succeed.
I am confident in ReHIPS' ability to protect system. A few recommended improvements - like earlier GUI startup and auto-delete ReHIPSUser - will make it even better.