From ebbbde89647ae0a7cce430ef880822805ebc2e12 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Tue, 27 Oct 2015 15:23:22 +0100 Subject: Windows: workaround to solve false positive detection by some anti-virus software. --- src/Common/Registry.c | 9 ++++++++- src/Common/Registry.h | 1 + 2 files changed, 9 insertions(+), 1 deletion(-) (limited to 'src/Common') diff --git a/src/Common/Registry.c b/src/Common/Registry.c index 1cf28438..42162906 100644 --- a/src/Common/Registry.c +++ b/src/Common/Registry.c @@ -312,6 +312,13 @@ void DeleteRegistryValue (char *subKey, char *name) void GetStartupRegKeyName (char *regk, size_t cbRegk) { // The string is split in order to prevent some antivirus packages from falsely reporting - // TrueCrypt.exe to contain a possible Trojan horse because of this string (heuristic scan). + // VeraCrypt.exe to contain a possible Trojan horse because of this string (heuristic scan). StringCbPrintfA (regk, cbRegk,"%s%s", "Software\\Microsoft\\Windows\\Curren", "tVersion\\Run"); } + +void GetRestorePointRegKeyName (char *regk, size_t cbRegk) +{ + // The string is split in order to prevent some antivirus packages from falsely reporting + // VeraCrypt.exe to contain a possible Trojan horse because of this string (heuristic scan). + StringCbPrintfA (regk, cbRegk,"%s%s%s%s", "Software\\Microsoft\\Windows", " NT\\Curren", "tVersion\\Sy", "stemRestore"); +} \ No newline at end of file diff --git a/src/Common/Registry.h b/src/Common/Registry.h index fe80fb0d..99396771 100644 --- a/src/Common/Registry.h +++ b/src/Common/Registry.h @@ -31,6 +31,7 @@ BOOL WriteRegistryBytes (char *path, char *name, char *str, DWORD size); BOOL DeleteLocalMachineRegistryKey (char *parentKey, char *subKeyToDelete); void DeleteRegistryValue (char *subKey, char *name); void GetStartupRegKeyName (char *regk, size_t cbRegk); +void GetRestorePointRegKeyName (char *regk, size_t cbRegk); #ifdef __cplusplus } -- cgit v1.2.3