oval_developer@lists.cisecurity.org

A list for people interested in developing the OVAL language.

Is Test "oval:org.cisecurity:tst:4677" supposed to fail or succeed on my System?

Alexander Benikowski
Wed, Aug 29, 2018 3:12 PM

I have an issue with a specific situation regarding OVAL, as I'm
implementing my own engine (am I a masochist? A bit, but I like these kinds
of things :D).

I'm currently executing multiple different scanners on my system (Win 7
Enterprise x64) to test against my own engine. For some reason test
"oval:org.cisecurity:tst:4677" (version 3) is displayed as "false" and I
don't understand why. (Mine returns true.)

Object "oval:org.cisecurity:obj:872" is supposed to find all instances of
"Msexcl40.dll" in the system roots. From the different logs it seems that
"path" always properly evaluates to "C:\Windows\System32" and
"C:\Windows\SysWOW64" in my engine and the others.

In SysWOW64 there is a "msexcl40.dll". That file is not picked up by the
specified file_object in those other scanners. But from my understanding
that file_object should return it, right? Or what am I missing here? I'm
aware that OVAL differentiates between Case(Insensitive)Equals, but that is
something to ignore for the filesystem on Windows. (Scanners like Ovaldi do
that, too. But that still fails to pick up that specific file.)

My engine runs as an x86 process with disabled fileguard (except when 32-bit
view is requested).
Version of msexcl.dll is 4.0.9756.0 and the state checks if it's less than
4.0.9801.1
