As long as the dll was recognized, the whole exe would be detected. Maybe you ran it before the detection was added at ~2:20, maybe you have an older product that doesn't support streamed updates, maybe you had LiveGrid not working... The case and your cfg would need to be investigated in order to tell. What we can say 100% is that after 2:10-2:30 users with streamed updates and LG enabled and working were 100% protected.
This is what the detection would have looked like at that time:
Scanned disks, folders and files: C:\test2\documento.exe
C:\test2\documento.exe - Suspicious Object
Number of scanned objects: 1
Number of detections: 1
And here is how ESET reacted with 2-month old modules:
The malware was executed. When the injection itself was performed, AMSI scanner detected a malicious script...
Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
7/28/2019 4:06:06 PM;AMSI scanner;file;script;MSIL/Bladabindi.BC trojan;blocked;DESKTOP-5JIJ6V4\Admin;;AB122C106AC5DFA34C8168069E847F7F6DDDF550;
And the malicious process was terminated:
AMSI has been supported since Windows 8.1 so on older systems it's possible that the malware would have run with outdated modules.
The file is an activator. Should not be detected as malware but as a hacktool application at most. Those who detect it as malware are wrong. We're not going to detect it for now since we are antimalware and not anti-cracking sw.
We do not provide data recovery services.
We would have protected the user provided that they had the system secured, preventing attackers from exploiting RDP. Our protection was most likely not password protected so the attacker could easily pause protection. Again, not ESET's fault.
I don't know what solution you were trying to find if the user had no backup created. The only solution is to pay the ransom and get a decoder with no warranty, which we do not recommend.