Windows: workaround to solve false positive detection by some anti-virus software.

This commit is contained in:
Mounir IDRASSI 2015-10-27 15:23:22 +01:00
parent 62de77e2c8
commit ebbbde8964
3 changed files with 12 additions and 2 deletions

View File

@ -312,6 +312,13 @@ void DeleteRegistryValue (char *subKey, char *name)
void GetStartupRegKeyName (char *regk, size_t cbRegk)
{
// The string is split in order to prevent some antivirus packages from falsely reporting
// TrueCrypt.exe to contain a possible Trojan horse because of this string (heuristic scan).
// VeraCrypt.exe to contain a possible Trojan horse because of this string (heuristic scan).
StringCbPrintfA (regk, cbRegk,"%s%s", "Software\\Microsoft\\Windows\\Curren", "tVersion\\Run");
}
void GetRestorePointRegKeyName (char *regk, size_t cbRegk)
{
// The string is split in order to prevent some antivirus packages from falsely reporting
// VeraCrypt.exe to contain a possible Trojan horse because of this string (heuristic scan).
StringCbPrintfA (regk, cbRegk,"%s%s%s%s", "Software\\Microsoft\\Windows", " NT\\Curren", "tVersion\\Sy", "stemRestore");
}

View File

@ -31,6 +31,7 @@ BOOL WriteRegistryBytes (char *path, char *name, char *str, DWORD size);
BOOL DeleteLocalMachineRegistryKey (char *parentKey, char *subKeyToDelete);
void DeleteRegistryValue (char *subKey, char *name);
void GetStartupRegKeyName (char *regk, size_t cbRegk);
void GetRestorePointRegKeyName (char *regk, size_t cbRegk);
#ifdef __cplusplus
}

View File

@ -495,7 +495,9 @@ BOOL IsSystemRestoreEnabled ()
BOOL bEnabled = FALSE;
HKEY hKey;
DWORD dwValue = 0, cbValue = sizeof (DWORD);
if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRestore", 0, KEY_READ | KEY_WOW64_64KEY, &hKey) == ERROR_SUCCESS)
char szRegPath[MAX_PATH];
GetRestorePointRegKeyName (szRegPath, sizeof (szRegPath));
if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, szRegPath, 0, KEY_READ | KEY_WOW64_64KEY, &hKey) == ERROR_SUCCESS)
{
if (IsOSAtLeast (WIN_VISTA))
{