Critical file changes not recognized by scan

I’m using WF 6.3.0.

1)
The scan doesn’t recognize changes in WPs root directory, for example changes in
wp-config.php, and I tried for testing also wp-atom.php.

It seems to work (reliable?) in plugin files. I just tried with one plugin file, and WF came up with a correct notification about the change.

And then there’s (one?) exception in WPs root: wp-config-sample.php has changes (I have just the german version), which are correctly reported.

2)
I have the Theme Twenty Seventeen 1.1 installed, and modified in various files.
None of these changes are recognized by WF.

So all in all, the scan is very unreliable (and it’s unfortunately not a new issue – I’ve opened another thread about similar issues 6 months ago).
If I scan with the plugin “Look-See Security Scanner” it recognizes the changes. I would prefer to use WF because it’s ability to show how a file changed, and to check them against original WP/Plugin repositories.
But what is the scan worth if I can’t count on it? ??

In the Options–>Scans to include, I have everything on, except these:
– Scan for the HeartBleed vulnerability
– Scan for out of date plugins, themes and WordPress versions
– Check the strength of passwords
– Scan images, binary, and other files as if they were executable
– Enable HIGH SENSITIVITY scanning (may give false positives
– Use low resource scanning (reduces server load by lengthening the scan duration)
– Exclude files: empty

The scan runs through, without errors.

Under “Ignored Issues” I have:
– wp-config-sample.php
– 4 php plugin files
– 15 Readme.txt files

wp-config.php ist not in the ignored list. And none of the Theme files of course.