Hi NSaghar, does the SEP clients have the full package installed with Proactive Threat Protection (PTP) and Network Threat Protection (NTP) also installed aside from the Antivirus and AntiSpyware.
Do you have a copy of that email? If you want to test it out for yourself, you can view the sourcecode of the email or right-click on the link instead of left-clicking and save the HTML or executable file. And you got a sample.
One of the reasons that SEP might not detect it is: if you don't have NTP and PTP installed on the client. Especially if it's a new threat. Try increasing the Bloodhound (TM) level.
Another least likely possibility is that the malware runs remotely giving only the users the end result of the program. Must be a link to enable VPN. Check the Firwall logs to be sure.