VeraCrypt
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2015-10-27 14:23:22 (GMT)
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2015-10-27 19:47:56 (GMT)
commitebbbde89647ae0a7cce430ef880822805ebc2e12 (patch)
treed3f4e77715505f02b17e63cc85f82df1819b7d1c /src
parent62de77e2c869acc0f9e1f82b4347c86faaf9ac47 (diff)
Windows: workaround to solve false positive detection by some anti-virus software.
Diffstat (limited to 'src')
-rw-r--r--src/Common/Registry.c9
-rw-r--r--src/Common/Registry.h1
-rw-r--r--src/Setup/Setup.c4
3 files changed, 12 insertions, 2 deletions
diff --git a/src/Common/Registry.c b/src/Common/Registry.c
index 1cf2843..4216290 100644
--- a/src/Common/Registry.c
+++ b/src/Common/Registry.c
@@ -312,6 +312,13 @@ void DeleteRegistryValue (char *subKey, char *name)
void GetStartupRegKeyName (char *regk, size_t cbRegk)
{
// The string is split in order to prevent some antivirus packages from falsely reporting
- // TrueCrypt.exe to contain a possible Trojan horse because of this string (heuristic scan).
+ // VeraCrypt.exe to contain a possible Trojan horse because of this string (heuristic scan).
StringCbPrintfA (regk, cbRegk,"%s%s", "Software\\Microsoft\\Windows\\Curren", "tVersion\\Run");
}
+
+void GetRestorePointRegKeyName (char *regk, size_t cbRegk)
+{
+ // The string is split in order to prevent some antivirus packages from falsely reporting
+ // VeraCrypt.exe to contain a possible Trojan horse because of this string (heuristic scan).
+ StringCbPrintfA (regk, cbRegk,"%s%s%s%s", "Software\\Microsoft\\Windows", " NT\\Curren", "tVersion\\Sy", "stemRestore");
+}
\ No newline at end of file
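Review bot: The result of `StringCbPrintfA` in the new `GetRestorePointRegKeyName` is discarded and the function returns void, so a caller cannot tell a truncated or unwritten key path from a complete one. The path fits in the `MAX_PATH` buffer used in Setup.c, but that call site in `IsSystemRestoreEnabled` passes an uninitialised stack array, so a failed format could hand indeterminate bytes to `RegOpenKeyEx`. I would either clear the output on failure, `if (FAILED (StringCbPrintfA (regk, cbRegk, ...)) && cbRegk > 0) regk[0] = 0;`, or initialise the caller's buffer with `char szRegPath[MAX_PATH] = {0};`. The comment is copied from `GetStartupRegKeyName` and only says "this string"; naming the assembled Windows NT SystemRestore key there keeps the path searchable for anyone auditing registry access, and a comment does not put the string back into the binary.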
diff --git a/src/Common/Registry.h b/src/Common/Registry.h
index fe80fb0..9939677 100644
--- a/src/Common/Registry.h
+++ b/src/Common/Registry.h
@@ -31,6 +31,7 @@ BOOL WriteRegistryBytes (char *path, char *name, char *str, DWORD size);
BOOL DeleteLocalMachineRegistryKey (char *parentKey, char *subKeyToDelete);
void DeleteRegistryValue (char *subKey, char *name);
void GetStartupRegKeyName (char *regk, size_t cbRegk);
+void GetRestorePointRegKeyName (char *regk, size_t cbRegk);
#ifdef __cplusplus
}
diff --git a/src/Setup/Setup.c b/src/Setup/Setup.c
index 7c3caa1..1b2042b 100644
--- a/src/Setup/Setup.c
+++ b/src/Setup/Setup.c
@@ -495,7 +495,9 @@ BOOL IsSystemRestoreEnabled ()
BOOL bEnabled = FALSE;
HKEY hKey;
DWORD dwValue = 0, cbValue = sizeof (DWORD);
- if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRestore", 0, KEY_READ | KEY_WOW64_64KEY, &hKey) == ERROR_SUCCESS)
+ char szRegPath[MAX_PATH];
+ GetRestorePointRegKeyName (szRegPath, sizeof (szRegPath));
+ if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, szRegPath, 0, KEY_READ | KEY_WOW64_64KEY, &hKey) == ERROR_SUCCESS)
{
if (IsOSAtLeast (WIN_VISTA))
{
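Review bot: `szRegPath` is a `char` buffer filled by an explicitly ANSI helper (`StringCbPrintfA`), yet it is passed to the generic `RegOpenKeyEx` macro, which resolves to the wide-character variant if this file is ever built with `UNICODE` defined. Calling `RegOpenKeyExA (HKEY_LOCAL_MACHINE, szRegPath, 0, KEY_READ | KEY_WOW64_64KEY, &hKey)` makes the character width explicit and matches the helper. The old literal had the same dependency, so this is a consistency point rather than a regression. The body of `IsSystemRestoreEnabled` continues past the end of the hunk, so the handling of `hKey` after the open is not visible here.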