XML-tags confusing scan-engine on Network Discover and Prevent

We have been discovering a strange issue... Setup is a 12.5 Enforce and a single 12.5 NDP targeting a single fileshare with admin rights.

Policy is just one DCM-keyword-rule "test".

NDP scans the file (.xml) starting like:

<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- *********************************************************** -->
<!-- * Notes for configuration item detail filter CIFilter.xml * -->
<!-- *********************************************************** -->
<!-- For referencing test CIs you always test have to use the test database field names in camel test code

...

but does fail to detect the keywords "test" placed in the file, Incident count stays 0.

Changing the file to:

test<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- *********************************************************** -->
<!-- * Notes for configuration item detail filter CIFilter.xml * -->
<!-- *********************************************************** -->
<!-- For referencing test CIs you always test have to use the test database field names in camel test code

...

creates an Incident, and the policy finds the keyword "test" five times!!!

Ive CtrC and CtrA all the content to a different (.txt) file directly on the server (to pass possible encoding troubles), same result...

Could it be that the signs <?, <!-, etc confuse the scan engine?? Bug? Have you ever discovered something smilar?

Thanks for any hint in advance...... :)