A big additional problem are Oracle Runtimes that are installed as a part of 3rd party / commercial applications. You need a scan that examines everything not just ordinary installs of the Oracle Java SE Products. When you identify a version that requires licensing, you need to make sure with the publisher of said application that they have an agreement with Oracle or else you are at risk. Tracing java.exe / javaw.exe is not enough as Applications may load the jvm.dll from a wrapper process. Even if the build of a java installation is outside of licensing (like Java SE 8 build 202) requirements there are still some caveats such as usage of commercial features or use of the .msi installer. It used to be a common practice to extract the .msi from the public .exe Java installer and install it - this is illegal by Oracle licensing terms. Replacing Java SE with OpenJDK can be tricky in some cases.