Windows: workaround to solve false positive detection by some anti-virus software.

src/Common/Registry.c

@@ -312,6 +312,13 @@ void DeleteRegistryValue (char *subKey, char *name)
 void GetStartupRegKeyName (char *regk, size_t cbRegk)
 {
 	// The string is split in order to prevent some antivirus packages from falsely reporting  
-	// TrueCrypt.exe to contain a possible Trojan horse because of this string (heuristic scan).
+	// VeraCrypt.exe to contain a possible Trojan horse because of this string (heuristic scan).
 	StringCbPrintfA (regk, cbRegk,"%s%s", "Software\\Microsoft\\Windows\\Curren", "tVersion\\Run");
 }
+
+void GetRestorePointRegKeyName (char *regk, size_t cbRegk)
+{
+	// The string is split in order to prevent some antivirus packages from falsely reporting  
+	// VeraCrypt.exe to contain a possible Trojan horse because of this string (heuristic scan).
+	StringCbPrintfA (regk, cbRegk,"%s%s%s%s", "Software\\Microsoft\\Windows", " NT\\Curren", "tVersion\\Sy", "stemRestore");
+}

src/Common/Registry.h

@@ -31,6 +31,7 @@ BOOL WriteRegistryBytes (char *path, char *name, char *str, DWORD size);
 BOOL DeleteLocalMachineRegistryKey (char *parentKey, char *subKeyToDelete);
 void DeleteRegistryValue (char *subKey, char *name);
 void GetStartupRegKeyName (char *regk, size_t cbRegk);
+void GetRestorePointRegKeyName (char *regk, size_t cbRegk);
 
 #ifdef  __cplusplus
 }

src/Setup/Setup.c

@@ -495,7 +495,9 @@ BOOL IsSystemRestoreEnabled ()
 	BOOL bEnabled = FALSE;
 	HKEY hKey;
 	DWORD dwValue = 0, cbValue = sizeof (DWORD);
-	if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRestore", 0, KEY_READ | KEY_WOW64_64KEY, &hKey) == ERROR_SUCCESS)
+	char szRegPath[MAX_PATH];
+	GetRestorePointRegKeyName (szRegPath, sizeof (szRegPath));
+	if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, szRegPath, 0, KEY_READ | KEY_WOW64_64KEY, &hKey) == ERROR_SUCCESS)
 	{	
 		if (IsOSAtLeast (WIN_VISTA))
 		{