That one miss wouldn't have happened if he manually ran each sample one by one. So, it's nothing to do with increasing Defender's protection. The gangbang approach is a faulty method, as we have discussed before. In a perfect scenario, of course, Defender should have stopped that ransomware since they already have signatures for it. So, it's strange behavior to miss that, because products like Avast, Bitdefender, ESET, Kaspersky, etc. don't miss detecting samples for which they already have local signatures. But since this testing method is not a real-world scenario, we can somewhat ignore it. Defender has other dangerous issues, like malware adding exclusions to it.