automatic responses need an event to be uploaded to ePO database. If no such event occurs or you filter those events by chance, the automatic response never triggers.
You can check if you filter for trivial "malware detected and not handled"-type events or not in Configuration-Server-Event Filtering.
Thank you for the reply.One e-mail arrived. I create a smooth filtering.
Recommend Do you have a filter?
ePolicy Orchestrator Notification
Response Name: Malware detected and not handled Event Type Name: Threat Defined at: My Organization System Location: GlobalRoot\Directory\....
Description: Sends an e-mail notification when "Malware detected and not handled" events are received
Number of events: 1
Source IPV6 addresses: 192.168.x.x
Source IPV4 addresses: 192.168.x.x
Threat Names: Virtual Machine Protection:Prevent modification of VMWare Workstation files and settings Detecting Product Names: VirusScan Enterprise
Seeing this email it looks like it is a result of acess protection rule triggered, I would not consider this the type of event you are curious at.
We have a filter for the events because if all events were enabled to be received then the database would soon get filled up with operational events such as service start and stop, update start and stop etc. Even with filtering we have several operational events (supposedly because they might have got a different event code that we filter for).
My practice is that I directly query the database (ePOEvents table) for event types and then collect event codes that need be filtered. Also it is useful to create ePO queries or automatic responses where a filter condition is to be provided.
Be informed that event filtering is doen via a evtfltr.ini file which resides in ePO installation folder. This file apparently gets modified when you modify event filtering settings, but you can modify this file by yourself by editing it as a text file and appending event codes that canot be filtered throuigh the gui.