What was it packaged by? Metasploit? If so, Metasploit has a feature to bypass AV and it works almost every time against just about every AV vendor out there. Considering this happened during a pen-test, I'm not surprised. Any experienced pen-tester can run circles around anti-virus.
Now, you can submit the sample to Security Response but this file can easily be re-packaged by Metasploit to bypass AV again. Traditional AV defense is no match for this type of "malware"
I would suggest turning up the settings for Proactive Threat Protection (SONAR) by setting to aggressive.
Was this file downloaded? If so, you can also turn up the setting for Download Insight.
Yes, you would also need to look utilising System Lockdown and and Application and Device Control policy. Both of these are very good defenses against encrypted malware/APT types.