Is my assessment of Sandboxie vs. Anti-maleware/virus software correct or am I overrating Sandboxie?
You are overrating it in my opinion, as you are comparing Sandboxie to Antivirus and Antimalware software. The three of them are different. Yes, it can be seen as a good practice to use Sandboxie when you browse the web, but this isn't bulletproof. There is exploits for Sandboxie, which allows a process to escape the virtualized environment it created, and therefore access the host. I know someone who found two 0-days in Sandboxie just by messing around with it while being bored (both are patched now since he reported them). So you can be sure that if there's working 0-days for Sandboxie around, they are being used. I don't know if popular Exploit Kits like Angler, Nuclear, Rigs, etc. come with Sandboxie 0-days to escape it if they ever hit a web browser running in it's environment, but it's a possibility. Also, a lot of malware have virtualization detection, which means that if they see that they run in a virtualized/isolated environment (such as a Virtual Machine or Sandboxie), they might not launch at all or act like a legitimate process to not raise suspicion. When this happens, you'll see the process as being normal, you might lower your guard and then run it directly on your host system, and then you'll be infected. These are the two major flaws I see with relying on Sandboxie to keep yourself secure.
On the other hand, if you use an Anti-Exploit (like Malwarebytes Anti-Exploit) when you browse the web, you'll the stop the exploits before they even reach your system (if you rely on Sandboxie, they'll be dropped on the system and if they have a 0-day to escape it's environment, you'll end up infected). An Antivirus (or Antimalware) could also block the page or request to a page where an Exploit Kit is located, or a page known to distribute malicious content. Sandboxie won't do that. In the end, if you really get infected, what will Sandboxie do about it? Nothing. This is when you'll want to have a good Antimalware installed to scan your system with, or it might even detect it in real-time if you have that feature.
I wrapped this up quickly, but to sum it up, yes it's a good idea to sandbox your web browser when you browse the web (some web browsers like Google Chrome have built-in sandboxing features, so it can be redundant), but you cannot rely only on it, nor can you compare this "protection setup" to using an Antivirus, Antimalware, Firewall, etc.