diff --git a/SOURCES/openscap-1.3.4-detect_remote_file_systems-PR_1573.patch b/SOURCES/openscap-1.3.4-detect_remote_file_systems-PR_1573.patch
new file mode 100644
index 0000000..77d8b01
--- /dev/null
+++ b/SOURCES/openscap-1.3.4-detect_remote_file_systems-PR_1573.patch
@@ -0,0 +1,94 @@
+diff --git a/src/OVAL/probes/fsdev.c b/src/OVAL/probes/fsdev.c
+index 82356d5e0..983675098 100644
+--- a/src/OVAL/probes/fsdev.c
++++ b/src/OVAL/probes/fsdev.c
+@@ -62,6 +62,7 @@
+ #endif
+ 
+ #include "fsdev.h"
++#include "common/util.h"
+ 
+ /**
+  * Compare two dev_t variables.
+@@ -79,10 +80,6 @@ static int fsdev_cmp(const void *a, const void *b)
+ #if defined(OS_LINUX)
+ static int is_local_fs(struct mntent *ment)
+ {
+-// todo: would it be usefull to provide the choice during build-time?
+-#if 1
+-	char *s;
+-
+ 	/*
+ 	 * When type of the filesystem is autofs, it means the mtab entry
+ 	 * describes the autofs configuration, which means ment->mnt_fsname
+@@ -97,37 +94,42 @@ static int is_local_fs(struct mntent *ment)
+ 		return 0;
+ 	}
+ 
+-	if (ment->mnt_fsname == NULL) {
+-		return 0;
+-	}
+-
+-	s = ment->mnt_fsname;
+-	/* If the fsname begins with "//", it is probably CIFS. */
+-	if (s[0] == '/' && s[1] == '/')
+-		return 0;
+-
+-	/* If there's a ':' in the fsname and it occurs before any
+-	 * '/', then this is probably NFS and the file system is
+-	 * considered "remote".
++	/*
++	 * The following code is inspired by systemd, function fstype_is_network:
++	 * https://github.com/systemd/systemd/blob/21fd6bc263f49b57867d90d2e1f9f255e5509134/src/basic/mountpoint-util.c#L290
+ 	 */
+-	s = strpbrk(s, "/:");
+-	if (s && *s == ':')
+-		return 0;
+ 
++	const char *fstype = ment->mnt_type;
++	if (oscap_str_startswith(fstype, "fuse.")) {
++		fstype += strlen("fuse.");
++	}
++	const char *network_fs[] = {
++		"afs",
++		"ceph",
++		"cifs",
++		"smb3",
++		"smbfs",
++		"sshfs",
++		"ncpfs",
++		"ncp",
++		"nfs",
++		"nfs4",
++		"gfs",
++		"gfs2",
++		"glusterfs",
++		"gpfs",
++		"pvfs2", /* OrangeFS */
++		"ocfs2",
++		"lustre",
++		"davfs",
++		NULL
++	};
++	for (int i = 0; network_fs[i]; i++) {
++		if (!strcmp(network_fs[i], fstype)) {
++			return 0;
++		}
++	}
+ 	return 1;
+-#else
+-	struct stat st;
+-
+-	/* If the file system is not backed-up by a real file, it is
+-	   considered remote. A notable exception is "tmpfs" to allow
+-	   traversal of /tmp et al. */
+-	if (strcmp(ment->mnt_fsname, "tmpfs") != 0
+-	    && (stat(ment->mnt_fsname, &st) != 0
+-		|| !(S_ISBLK(st.st_mode))))
+-		return 0;
+-	else
+-		return 1;
+-#endif
+ }
+ 
+ #elif defined(OS_AIX)
diff --git a/SPECS/openscap.spec b/SPECS/openscap.spec
index 6836de2..2536e77 100644
--- a/SPECS/openscap.spec
+++ b/SPECS/openscap.spec
@@ -1,6 +1,6 @@
 Name:           openscap
 Version:        1.3.3
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        Set of open source libraries enabling integration of the SCAP line of standards
 Group:          System Environment/Libraries
 License:        LGPLv2+
@@ -12,6 +12,7 @@ Patch3:	        openscap-1.3.4-add_compression_support-PR_1557.patch
 Patch4:	        openscap-1.3.4-add_compression_test-PR_1564.patch
 Patch5:	        openscap-1.3.4-add_compression_tracing-PR_1561.patch
 Patch6:         openscap-1.3.4-rpmverifyfile_leak-PR_1565.patch
+Patch7:         openscap-1.3.4-detect_remote_file_systems-PR_1573.patch
 
 BuildRequires:  cmake >= 2.6
 BuildRequires:  swig libxml2-devel libxslt-devel perl-generators perl-XML-Parser
@@ -138,6 +139,7 @@ for developing applications that use %{name}-engine-sce.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 mkdir build
 
 %build
@@ -225,6 +227,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_bindir}/oscap-run-sce-script
 
 %changelog
+* Wed Aug 19 2020 Jan Černý <jcerny@redhat.com> - 1.3.3-5
+- Detect remote file systems correctly (RHBZ#1870087)
+
 * Mon Aug 03 2020 Jan Černý <jcerny@redhat.com> - 1.3.3-4
 - Fix memory leaks in rpmverifyfile probe (RHBZ#1861301)