Appreciate what you're saying - my understanding is this exploit triggers the Outlook client to initiate an outbound SMB connection via the system process thereby exposing the NTLM hash.
ESET Mail Security is running in the inbound side of Exchange edge transport - before the exploit ever reaches the mailbox, and far before the Outlook client comes into play.