Windows: Enable screen protection by default to block screenshots, recordings & Windows Recall. Add configurable setting in Preferences, Installer, and MSI.

This update introduces a screen protection mechanism that leverages the Windows Display Affinity API to prevent screen capture, screen recording, and inclusion in the Windows 11 Recall feature. By default, all VeraCrypt windows, menus, and tooltips are protected. Users can enable or disable this feature through a new setting available in the application Preferences, as well as in the installer and MSI configurations.

This enhances user privacy by mitigating potential leaks of sensitive interface content.

Note: Due to a regression in Windows 11 affecting layered windows, ComboBox dropdowns cannot currently be protected by this mechanism.

Translations/Language.ar.xml

@@ -1644,6 +1644,8 @@
     <entry lang="ar" key="MOUNTPOINT_BLOCKED">خطأ: نقطة تركيب الحجم محظورة لأنها تحل محل دليل نظام محمي.\n\nيرجى اختيار نقطة تركيب مختلفة.</entry>
     <entry lang="ar" key="MOUNTPOINT_NOTALLOWED">خطأ: نقطة تركيب الحجم غير مسموح بها لأنها تحل محل دليل مدرج ضمن متغير البيئة PATH.\n\nيرجى اختيار نقطة تركيب مختلفة.</entry>
     <entry lang="ar" key="INSECURE_MODE">[وضع غير آمن]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.be.xml

@@ -1644,6 +1644,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.bg.xml

@@ -1644,6 +1644,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.ca.xml

@@ -1644,6 +1644,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.co.xml

@@ -1663,6 +1663,8 @@ Information about Corsican localization:
 	    <entry lang="co" key="MOUNTPOINT_BLOCKED">SBAGLIU : U puntu du muntatura di u vulume hè bluccatu perchè ellu rimpiazzeghja un cartulare prutettu di u sistema.\n\nCi vole à sceglie un puntu du muntatura sfarente.</entry>
 	    <entry lang="co" key="MOUNTPOINT_NOTALLOWED">SBAGLIU : U puntu du muntatura di u vulume ùn hè micca permessu perchè ellu rimpiazzeghja un cartulare chì face parte di a variabile d’ambiente PATH.\n\nCi vole à sceglie un puntu du muntatura sfarente.</entry>
 	    <entry lang="co" key="INSECURE_MODE">[MODU NONSICURU]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
 	</localization>
 	<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
 		<xs:element name="VeraCrypt">

Translations/Language.cs.xml

@@ -1644,6 +1644,8 @@
     <entry lang="cs" key="MOUNTPOINT_BLOCKED">CHYBA: Připojovací bod svazku je blokován, jelikož je nadřazen chráněnému systémovému adresáři.\n\nProsím, zvolte jiný přípojovací bod.</entry>
     <entry lang="cs" key="MOUNTPOINT_NOTALLOWED">CHYBA: Připojovací bod svazku není povolen, jelikož přepisuje adresář, jenž je součástí proměnného prostředí PATH.\n\nProsím, vyberte jiný připojovací bod.</entry>
     <entry lang="cs" key="INSECURE_MODE">[NEZABEZPEČENÝ REŽIM]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.da.xml

@@ -1644,6 +1644,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.de.xml

@@ -1647,6 +1647,8 @@
     <entry lang="de" key="MOUNTPOINT_BLOCKED">FEHLER: Der Einhängepunkt ist blockiert, da er ein geschütztes Systemverzeichnis überschreibt.\n\nBitte wählen Sie einen anderen Einhängepunkt.</entry>
     <entry lang="de" key="MOUNTPOINT_NOTALLOWED">FEHLER: Der Einhängepunkt ist unzulässig, da er ein Verzeichnis überschreibt, das zur PATH-Umgebungsvariable gehört.\n\nBitte wählen Sie einen anderen Einhängepunkt.</entry>
     <entry lang="de" key="INSECURE_MODE">[UNSICHERER MODUS]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <!-- XML-Schema -->
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">

Translations/Language.el.xml

@@ -1644,6 +1644,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.es.xml

@@ -1644,6 +1644,8 @@
     <entry lang="es" key="MOUNTPOINT_BLOCKED">ERROR: El punto de montaje del volumen está bloqueado porque sobrescribe un directorio protegido del sistema.\n\nElija un punto de montaje diferente.</entry>
     <entry lang="es" key="MOUNTPOINT_NOTALLOWED">ERROR: No se permite el punto de montaje del volumen porque sobrescribe un directorio que forma parte de la ruta PATH.\n\nElija un punto de montaje diferente.</entry>
     <entry lang="es" key="INSECURE_MODE">[MODO INSEGURO]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
 </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.et.xml

@@ -1644,6 +1644,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.eu.xml

@@ -1644,6 +1644,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.fa.xml

@@ -1644,6 +1644,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.fi.xml

@@ -1644,6 +1644,8 @@
     <entry lang="fi" key="MOUNTPOINT_BLOCKED">VIRHE: Taltion liitoskohta on estetty, koska se korvaa suojatun järjestelmäkansion.\n\nValitse toinen liitoskohta.</entry>
     <entry lang="fi" key="MOUNTPOINT_NOTALLOWED">VIRHE: Taltion liitoskohta ei ole sallittu, koska se korvaa PATH-ympäristömuuttujaan kuuluvan sijainnin.\n\nValitse toinen liitoskohta.</entry>
     <entry lang="fi" key="INSECURE_MODE">[EPÄTURVALLINEN TILA]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.fr.xml

@@ -1644,6 +1644,8 @@
     <entry lang="fr" key="MOUNTPOINT_BLOCKED">ERREUR : Le point de montage du volume est bloqué car il remplace un répertoire système protégé.\n\nVeuillez choisir un autre point de montage.</entry>
     <entry lang="fr" key="MOUNTPOINT_NOTALLOWED">ERREUR : Le point de montage du volume n'est pas autorisé car il remplace un répertoire faisant partie de la variable d'environnement PATH.\n\nVeuillez choisir un autre point de montage.</entry>
     <entry lang="fr" key="INSECURE_MODE">[MODE NON SÉCURISÉ]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.he.xml

@@ -1645,6 +1645,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified">
     <xs:element name="VeraCrypt">

Translations/Language.hu.xml

@@ -1644,6 +1644,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.id.xml

@@ -1644,6 +1644,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.it.xml

@@ -1644,6 +1644,8 @@
     <entry lang="it" key="MOUNTPOINT_BLOCKED">ERRORE: Il punto di montaggio del volume è bloccato perché sovrascrive una directory di sistema protetta.\n\nScegli un punto di montaggio diverso.</entry>
     <entry lang="it" key="MOUNTPOINT_NOTALLOWED">ERRORE: Il punto di montaggio del volume non è consentito perché sovrascrive una directory che fa parte della variabile d'ambiente PATH.\n\nScegli un punto di montaggio diverso.</entry>
     <entry lang="it" key="INSECURE_MODE">[MODALITÀ NON SICURA]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.ja.xml

@@ -1644,6 +1644,8 @@
     <entry lang="ja" key="MOUNTPOINT_BLOCKED">エラー: ボリュームのマウントポイントは、保護されたシステムディレクトリと競合するためブロックされました。\n\n別のマウントポイントを選択してください。</entry>
     <entry lang="ja" key="MOUNTPOINT_NOTALLOWED">エラー: ボリュームのマウントポイントは、PATH環境変数に含まれるディレクトリを上書きするため使用できません。\n\n別のマウントポイントを選択してください。</entry>
     <entry lang="ja" key="INSECURE_MODE">[非セキュアモード]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.ka.xml

@@ -1644,6 +1644,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.ko.xml

@@ -1644,6 +1644,8 @@
     <entry lang="ko" key="MOUNTPOINT_BLOCKED">오류: 볼륨 마운트 위치가 보호된 시스템 디렉터리를 덮어쓰기 때문에 차단되었습니다.\n\n다른 마운트 위치를 선택하세요.</entry>
     <entry lang="ko" key="MOUNTPOINT_NOTALLOWED">오류: 볼륨 마운트 위치가 PATH 환경 변수의 일부인 디렉터리를 덮어쓰기 때문에 허용되지 않습니다.\n\n다른 마운트 위치를 선택하세요.</entry>
     <entry lang="ko" key="INSECURE_MODE">[비보안 모드]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.lv.xml

@@ -1644,6 +1644,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.my.xml

@@ -1646,6 +1646,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" attributeFormDefault="unqualified" elementFormDefault="qualified">
     <xs:element name="VeraCrypt">

Translations/Language.nb.xml

@@ -1644,6 +1644,8 @@
     <entry lang="nb" key="MOUNTPOINT_BLOCKED">FEIL: Volumets monteringspunkt er blokkert fordi det overstyrer en beskyttet systemkatalog.\n\nVennligst velg et annet monteringspunkt.</entry>
     <entry lang="nb" key="MOUNTPOINT_NOTALLOWED">FEIL: Volumets monteringspunkt er ikke tillatt fordi det overstyrer en katalog som er en del av PATH-miljøvariabelen.\n\nVennligst velg et annet monteringspunkt.</entry>
     <entry lang="nb" key="INSECURE_MODE">[USIKKER MODUS]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.nl.xml

@@ -1644,6 +1644,8 @@
     <entry lang="nl" key="MOUNTPOINT_BLOCKED">FOUT: Het koppelpunt van het volume is geblokkeerd omdat het een beveiligde systeemmap overschrijft.\n\nKies een ander koppelpunt.</entry>
     <entry lang="nl" key="MOUNTPOINT_NOTALLOWED">FOUT: het koppelpunt voor het volume is niet toegestaan omdat het een map overschrijft die deel uitmaakt van de omgevingsvariabele PATH.\n\nKies een ander koppelpunt.</entry>
     <entry lang="nl" key="INSECURE_MODE">[ONVEILIGE MODUS]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" attributeFormDefault="unqualified" elementFormDefault="qualified">
     <xs:element name="VeraCrypt">

Translations/Language.nn.xml

@@ -1644,6 +1644,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.pl.xml

@@ -1644,6 +1644,8 @@
     <entry lang="pl" key="MOUNTPOINT_BLOCKED">BŁĄD: Punkt podłączania wolumenu jest zablokowany, ponieważ nadpisuje chroniony katalog systemowy.\n\nWybierz inny punkt podłączania.</entry>
     <entry lang="pl" key="MOUNTPOINT_NOTALLOWED">BŁĄD: Punkt podłączania wolumenu nie jest dozwolony, ponieważ nadpisuje katalog, który jest częścią zmiennej środowiskowej PATH.\n\nWybierz inny punkt podłączania.</entry>
     <entry lang="pl" key="INSECURE_MODE">[TRYB NIEBEZPIECZNY]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.pt-br.xml

@@ -1644,6 +1644,8 @@
     <entry lang="pt-br" key="MOUNTPOINT_BLOCKED">ERRO: O ponto de montagem do volume está bloqueado porque substitui um diretório protegido do sistema.\n\nPor favor, escolha um ponto de montagem diferente.</entry>
     <entry lang="pt-br" key="MOUNTPOINT_NOTALLOWED">ERRO: O ponto de montagem do volume não é permitido porque substitui um diretório que faz parte da variável de ambiente PATH.\n\nPor favor, escolha um ponto de montagem diferente.</entry>
     <entry lang="pt-br" key="INSECURE_MODE">[MODO INSEGURO]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.ro.xml

@@ -1644,6 +1644,8 @@
     <entry lang="ro" key="MOUNTPOINT_BLOCKED">EROARE: Punctul de montare al volumului este blocat deoarece suprascrie un director de sistem protejat.\n\nVă rugăm să alegeți un alt punct de montare.</entry>
     <entry lang="ro" key="MOUNTPOINT_NOTALLOWED">EROARE: Punctul de montare al volumului nu este permis deoarece suprascrie un director care face parte din variabila de mediu PATH.\n\nVă rugăm să alegeți un alt punct de montare.</entry>
     <entry lang="ro" key="INSECURE_MODE">[MOD INSECURIZAT]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.ru.xml

@@ -1644,6 +1644,8 @@
     <entry lang="ru" key="MOUNTPOINT_BLOCKED">ОШИБКА: Точка монтирования тома заблокирована, так как она переопределяет защищённую системную папку.\n\nВыберите другую точку монтирования.</entry>
     <entry lang="ru" key="MOUNTPOINT_NOTALLOWED">ОШИБКА: Точка монтирования тома не разрешена, так как она переопределяет папку, которая является частью переменной среды PATH.\n\nВыберите другую точку монтирования.</entry>
     <entry lang="ru" key="INSECURE_MODE">[НЕБЕЗОПАСНЫЙ РЕЖИМ]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.sk.xml

@@ -1644,6 +1644,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.sl.xml

@@ -1644,6 +1644,8 @@
     <entry lang="sl" key="MOUNTPOINT_BLOCKED">NAPAKA: Tocka priklopa nosilca je blokirana, ker prekriva zašciteno sistemsko mapo.\n\nIzberite drugo tocko priklopa.</entry>
     <entry lang="sl" key="MOUNTPOINT_NOTALLOWED">NAPAKA: Tocka priklopa nosilca ni dovoljena, ker prekriva mapo, ki je del okoljske spremenljivke PATH.\n\nIzberite drugo tocko priklopa.</entry>
     <entry lang="sl" key="INSECURE_MODE">[NEVAREN NACIN]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.sv.xml

@@ -1644,6 +1644,8 @@
     <entry lang="sv" key="MOUNTPOINT_BLOCKED">FEL: Volymens monteringspunkt är blockerad eftersom den skriver över en skyddad systemkatalog.\n\nVar god välj en annan monteringspunkt.</entry>
     <entry lang="sv" key="MOUNTPOINT_NOTALLOWED">FEL: Volymens monteringspunkt är inte tillåten eftersom den skriver över en katalog som är en del av miljövariabeln PATH.\n\nVar god välj en annan monteringspunkt.</entry>
     <entry lang="sv" key="INSECURE_MODE">[OSÄKERT]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.th.xml

@@ -1645,6 +1645,8 @@
     <entry lang="th" key="MOUNTPOINT_BLOCKED">ข้อผิดพลาด: จุดเชื่อมต่อโวลุ่มถูกบล็อกเนื่องจากไปทับซ้อนกับไดเรกทอรีระบบที่ได้รับการป้องกัน\n\nกรุณาเลือกจุดเชื่อมต่ออื่น</entry>
     <entry lang="th" key="MOUNTPOINT_NOTALLOWED">ข้อผิดพลาด: จุดเชื่อมต่อโวลุ่มไม่ได้รับอนุญาตเนื่องจากไปทับซ้อนกับไดเรกทอรีที่เป็นส่วนหนึ่งของตัวแปร PATH\n\nกรุณาเลือกจุดเชื่อมต่ออื่น</entry>
     <entry lang="th" key="INSECURE_MODE">[โหมดไม่ปลอดภัย]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.tr.xml

@@ -1644,6 +1644,8 @@
     <entry lang="tr" key="MOUNTPOINT_BLOCKED">HATA: Birim bağlama noktası, korunan bir sistem dizinini geçersiz kıldığı için engellendi.\n\nLütfen farklı bir bağlama noktası seçin.</entry>
     <entry lang="tr" key="MOUNTPOINT_NOTALLOWED">HATA: Birim bağlama noktası, PATH ortam değişkeninin bir parçası olan bir dizini geçersiz kıldığı için izin verilmiyor.\n\nLütfen farklı bir bağlama noktası seçin.</entry>
     <entry lang="tr" key="INSECURE_MODE">[GÜVENSİZ MOD]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.uk.xml

@@ -1644,6 +1644,8 @@
     <entry lang="uk" key="MOUNTPOINT_BLOCKED">ПОМИЛКА: Точка монтування тому заблокована, оскільки вона заміщує захищений системний каталог.\n\nБудь ласка, оберіть іншу точку монтування.</entry>
     <entry lang="uk" key="MOUNTPOINT_NOTALLOWED">ПОМИЛКА: Точка монтування тому не дозволена, оскільки вона заміщує каталог, який є частиною змінної середовища PATH.\n\nБудь ласка, оберіть іншу точку монтування.</entry>
     <entry lang="uk" key="INSECURE_MODE">[НЕБЕЗПЕЧНИЙ РЕЖИМ]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.uz.xml

@@ -1644,6 +1644,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.vi.xml

@@ -1644,6 +1644,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.zh-cn.xml

@@ -1645,6 +1645,8 @@
     <entry lang="zh-cn" key="MOUNTPOINT_BLOCKED">错误：卷挂载点被阻止，因为它覆盖了受保护的系统目录。\n\n请选择其他挂载点。</entry>
     <entry lang="zh-cn" key="MOUNTPOINT_NOTALLOWED">错误：卷挂载点不允许使用，因为它覆盖了 PATH 环境变量中的目录。\n\n请选择其他挂载点。</entry>
     <entry lang="zh-cn" key="INSECURE_MODE">[不安全模式]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.zh-hk.xml

@@ -1644,6 +1644,8 @@
     <entry lang="zh-hk" key="MOUNTPOINT_BLOCKED">錯誤：磁碟區掛載點因其覆寫系統受保護的路徑而被阻止。\n\n請選擇另一個掛載點。</entry>
     <entry lang="zh-hk" key="MOUNTPOINT_NOTALLOWED">錯誤： 磁碟區掛載點因其覆寫的路徑屬於 PATH 環境變數的一部份而不被接納。\n\n請選擇另一個掛載點。</entry>
     <entry lang="zh-hk" key="INSECURE_MODE">[不安全模式]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

Translations/Language.zh-tw.xml

@@ -1644,6 +1644,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

src/Common/Apidrvr.h

@@ -424,6 +424,7 @@ typedef struct
 #define VC_ERASE_KEYS_SHUTDOWN DRIVER_STR("VeraCryptEraseKeysShutdown")
 
 #define VC_ENABLE_MEMORY_PROTECTION DRIVER_STR("VeraCryptEnableMemoryProtection")
+#define VC_ENABLE_SCREEN_PROTECTION DRIVER_STR("VeraCryptEnableScreenProtection")
 
 // WARNING: Modifying the following values can introduce incompatibility with previous versions.
 #define TC_DRIVER_CONFIG_CACHE_BOOT_PASSWORD						0x1

src/Common/Cmdline.c

@@ -80,6 +80,9 @@ BOOL CALLBACK CommandHelpDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM
 	case WM_CLOSE:
 		EndDialog (hwndDlg, 0);
 		return 1;
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
 	}
 
 	return 0;

src/Common/Dlgcode.c

@@ -2299,6 +2299,9 @@ BOOL CALLBACK AboutDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam
 
 		EndDialog (hwndDlg, 0);
 		return 1;
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
 	}
 
 	return 0;
@@ -2369,6 +2372,10 @@ static BOOL CALLBACK StaticModelessWaitDlgProc (HWND hwndDlg, UINT msg, WPARAM w
 		StaticModelessWaitDlgHandle = NULL;
 		EndDialog (hwndDlg, 0);
 		return 1;
+
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
 	}
 
 	return 0;
@@ -3005,6 +3012,7 @@ typedef struct
 void ExceptionHandlerThread (void *threadArg)
 {
 	ExceptionHandlerThreadArgs *args = (ExceptionHandlerThreadArgs *) threadArg;
+	ScreenCaptureBlocker blocker;
 
 	EXCEPTION_POINTERS *ep = args->ExceptionPointers;
 	//DWORD addr;
@@ -3473,6 +3481,25 @@ BOOL WriteMemoryProtectionConfig (BOOL bEnable)
 	return WriteLocalMachineRegistryDword (L"SYSTEM\\CurrentControlSet\\Services\\veracrypt", VC_ENABLE_MEMORY_PROTECTION, config);
 }
 
+BOOL ReadScreenProtectionConfig()
+{
+	DWORD config;
+
+	if (!ReadLocalMachineRegistryDword(L"SYSTEM\\CurrentControlSet\\Services\\veracrypt", VC_ENABLE_SCREEN_PROTECTION, &config))
+	{
+		// enabled by default
+		config = 1;
+	}
+	return (config) ? TRUE : FALSE;
+}
+
+BOOL WriteScreenProtectionConfig(BOOL bEnable)
+{
+	DWORD config = bEnable ? 1 : 0;
+
+	return WriteLocalMachineRegistryDword(L"SYSTEM\\CurrentControlSet\\Services\\veracrypt", VC_ENABLE_SCREEN_PROTECTION, config);
+}
+
 BOOL LoadSysEncSettings ()
 {
 	BOOL status = TRUE;
@@ -4354,6 +4381,10 @@ BOOL CALLBACK TextEditDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
 		NormalCursor ();
 		EndDialog (hwndDlg, 0);
 		return 1;
+
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
 	}
 
 	return 0;
@@ -4495,6 +4526,10 @@ BOOL CALLBACK TextInfoDialogBoxDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, L
 		NormalCursor ();
 		EndDialog (hwndDlg, 0);
 		return 1;
+
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
 	}
 
 	return 0;
@@ -4685,6 +4720,10 @@ BOOL CALLBACK RawDevicesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM l
 			return 1;
 		}
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	case WM_COMMAND:
 	case WM_NOTIFY:
 		// catch non-device line selected
@@ -5776,6 +5815,9 @@ static BOOL CALLBACK LocalizeDialogEnum( HWND hwnd, LPARAM font)
 void LocalizeDialog (HWND hwnd, char *stringId)
 {
 	LastDialogId = stringId;
+
+	AttachProtectionToCurrentThread(hwnd);
+
 	SetWindowLongPtrW (hwnd, GWLP_USERDATA, (LONG_PTR) 'VERA');
 	SendMessageW (hwnd, WM_SETFONT, (WPARAM) hUserFont, 0);
 
@@ -6811,6 +6853,10 @@ BOOL CALLBACK BenchmarkDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lP
 
 		break;
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	}
 	return 0;
 }
@@ -6989,6 +7035,9 @@ exit:
 
 			return 1;
 		}
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
 	}
 	return 0;
 }
@@ -7416,6 +7465,10 @@ exit:
 			NormalCursor ();
 			return 1;
 		}
+
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
 	}
 	return 0;
 }
@@ -7768,6 +7821,10 @@ CipherTestDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
 		idTestCipher = -1;
 		EndDialog (hwndDlg, 0);
 		return 1;
+
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
 	}
 
 	return 0;
@@ -8053,6 +8110,10 @@ BOOL CALLBACK MultiChoiceDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPA
 		// This prevents the window from being closed by pressing Alt-F4 (the Close button is hidden).
 		// Note that the OS handles modal MessageBox() dialog windows the same way.
 		return 1;
+
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
 	}
 
 	return 0;
@@ -8499,6 +8560,7 @@ typedef struct
 static void _cdecl WaitThread (void* pParam)
 {
 	WaitThreadParam* pThreadParam = (WaitThreadParam*) pParam;
+	ScreenCaptureBlocker screenCaptureBlocker;
 
 	pThreadParam->callback(pThreadParam->pArg, pThreadParam->hwnd);
 
@@ -8553,6 +8615,10 @@ BOOL CALLBACK WaitDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
 		else
 			return 0;
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		return 0;
+
 	default:
 		if (msg == g_wmWaitDlg)
 		{
@@ -12070,6 +12136,10 @@ BOOL CALLBACK SecurityTokenPasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wPara
 		}
 		return 1;
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	case WM_NCDESTROY:
 		{
 			/* unregister drap-n-drop support */
@@ -12142,6 +12212,10 @@ static BOOL CALLBACK NewSecurityTokenKeyfileDlgProc (HWND hwndDlg, UINT msg, WPA
 			return 1;
 		}
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	case WM_COMMAND:
 		switch (lw)
 		{
@@ -12298,6 +12372,10 @@ BOOL CALLBACK SecurityTokenKeyfileDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam
 			return 1;
 		}
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	case WM_COMMAND:
 	case WM_NOTIFY:
 		if (msg == WM_COMMAND && lw == IDOK || msg == WM_NOTIFY && ((NMHDR *)lParam)->code == LVN_ITEMACTIVATE)
@@ -14097,6 +14175,8 @@ static unsigned int __stdcall SecureDesktopThread( LPVOID lpThreadParameter )
 
 	if (bNewDesktopSet)
 	{
+		ScreenCaptureBlocker blocker;
+
 		// call ImmDisableIME　from imm32.dll to disable IME since it can create issue with secure desktop
 		// cf: https://keepass.info/help/kb/sec_desk.html#ime
 		HMODULE hImmDll = LoadLibraryEx (L"imm32.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
@@ -16098,3 +16178,230 @@ cleanup:
 	return result;
 }
 #endif
+
+#if !defined(SETUP) && !defined(VC_COMREG)
+
+/*
+* Screen Protection Functions
+* These functions provide against screen capture, screen recording,  
+* and Windows 11 Recall feature by leveraging the Windows Display Affinity API.
+* 
+* Main windows/dialogs are protected via HCBT_ACTIVATE hook while menus/tooltips are protected
+* via selective window subclassing that allows calling SetWindowDisplayAffinity when they are created.
+* 
+* limitations: ComboBox dropdowns are not protected on Windows 11 because of a regression affecting 
+* layered windows (combobox dropdowns are layered windows)
+* 
+* Author: Mounir IDRASSI <mounir.idrassi@amcrypto.jp> for the VeraCrypt project
+* Date: 2025-05-23
+* 
+*/
+
+#include <atomic>
+#include <map>
+#include <mutex>
+
+static std::once_flag g_configOnce;                 // ensures one-time read
+static std::atomic_bool g_screenProtectionEnabled;  // readonly after init
+static thread_local HHOOK  g_cbtHook = nullptr;   // one per thread
+static thread_local int g_protectionRefCount = 0; 
+
+std::map<HWND, WNDPROC> g_MenuWndProcs;
+std::map<HWND, bool> g_Initialized;
+std::mutex g_MenuMutex;
+
+static void InitScreenProtectionFlag()
+{
+    // Runs exactly once thanks to std::call_once
+    BOOL enabled = ReadScreenProtectionConfig();
+    g_screenProtectionEnabled.store(enabled, std::memory_order_release);
+}
+
+static bool IsScreenProtectionEnabled()
+{
+    std::call_once(g_configOnce, InitScreenProtectionFlag);
+    return g_screenProtectionEnabled.load(std::memory_order_acquire);
+}
+
+
+// Custom WndProc for menu windows
+static LRESULT CALLBACK ProtectedWndProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam)
+{
+	if (msg == WM_CREATE) {
+		SetWindowDisplayAffinity(hwnd, WDA_EXCLUDEFROMCAPTURE);
+	}
+
+	// Forward to original WndProc
+	WNDPROC origProc = nullptr;
+	{
+		std::lock_guard<std::mutex> lock(g_MenuMutex);
+		auto it = g_MenuWndProcs.find(hwnd);
+		if (it != g_MenuWndProcs.end())
+			origProc = it->second;
+	}
+
+	LRESULT result = 0;
+	if (origProc) {
+		result = CallWindowProc(origProc, hwnd, msg, wParam, lParam);
+	}
+	else {
+		// fallback to DefWindowProc if somehow no mapping exists
+		result = DefWindowProc(hwnd, msg, wParam, lParam);
+	}
+
+	if (msg == WM_NCDESTROY) {
+		// Clean up the mapping when the window is destroyed
+		std::lock_guard<std::mutex> lock(g_MenuMutex);
+		g_MenuWndProcs.erase(hwnd);
+		g_Initialized.erase(hwnd);
+	}
+
+	return result;
+}
+
+void SubclassProtectedWindow(HWND hwnd)
+{
+	WNDPROC origProc = (WNDPROC)GetWindowLongPtr(hwnd, GWLP_WNDPROC);
+
+	{
+		std::lock_guard<std::mutex> lock(g_MenuMutex);
+		g_MenuWndProcs[hwnd] = origProc;
+		g_Initialized[hwnd] = false;
+	}
+
+	SetWindowLongPtr(hwnd, GWLP_WNDPROC, (LONG_PTR)ProtectedWndProc);
+}
+
+BOOL IsMenuWindow(HWND hwnd)
+{
+	TCHAR szClass[256] = { 0 };
+	GetClassName(hwnd, szClass, 255);
+	if (!_tcsicmp(szClass, _T("#32768")))
+	{
+		return TRUE;
+	}
+	else
+	{
+		return FALSE;
+	}
+}
+
+BOOL IsTooltipWindow(HWND hwnd)
+{
+	TCHAR szClass[256] = { 0 };
+	GetClassName(hwnd, szClass, 255);
+	if (!_tcsicmp(szClass, _T("tooltips_class32")))
+	{
+		return TRUE;
+	}
+	else if (!_tcsicmp(szClass, _T("SysShadow")))
+	{
+		// check if it has WS_EX_TOOLWINDOW style: this helps identify the arrow area of the tooltip
+		LONG_PTR exStyle = GetWindowLongPtr(hwnd, GWL_EXSTYLE);
+		if (exStyle & WS_EX_TOOLWINDOW)
+		{
+			return TRUE;
+		}
+	}
+
+	return FALSE;
+}
+
+static LRESULT CALLBACK CBT_PROC(int nCode, WPARAM wParam, LPARAM lParam)
+{
+	// for normal windows, HCBT_ACTIVATE is enough but for menus and tooltips we need to subclass them
+	// in order to call SetWindowDisplayAffinity when they are created
+	if (nCode == HCBT_ACTIVATE)
+	{
+		HWND hwnd = (HWND)(wParam);
+		LONG_PTR style = GetWindowLongPtr(hwnd, GWL_STYLE);
+
+		if ((style & (WS_POPUP | WS_OVERLAPPEDWINDOW)))
+		{
+			// get current affinity
+			DWORD dwAffinity = 0;
+			if (GetWindowDisplayAffinity(hwnd, &dwAffinity))
+			{
+				// if the affinity is not set, set it to exclude from capture
+				if (dwAffinity != WDA_EXCLUDEFROMCAPTURE)
+				{
+					SetWindowDisplayAffinity(hwnd, WDA_EXCLUDEFROMCAPTURE);
+				}
+				else
+				{
+					dwAffinity = 0;
+				}
+			}
+			else
+			{
+				// if we can't get the affinity, set it to exclude from capture
+				SetWindowDisplayAffinity(hwnd, WDA_EXCLUDEFROMCAPTURE);
+			}
+		}
+	}
+
+	if (nCode == HCBT_CREATEWND)
+	{
+		HWND hwnd = (HWND)(wParam);
+		if (IsMenuWindow(hwnd) || IsTooltipWindow(hwnd))
+		{
+			SubclassProtectedWindow(hwnd);
+		}
+	}
+	return CallNextHookEx(g_cbtHook, nCode, wParam, lParam);
+}
+
+BOOL AttachProtectionToCurrentThread(HWND hwnd)
+{
+    if (!IsScreenProtectionEnabled())
+        return TRUE;
+
+	if (hwnd) SetWindowDisplayAffinity(hwnd, WDA_EXCLUDEFROMCAPTURE);
+
+    if (g_protectionRefCount == 0)
+    {
+		// From now on, protect every future window/menu automatically.
+		// Set the hook only once per thread
+		g_cbtHook = SetWindowsHookExW(WH_CBT, CBT_PROC,
+			NULL,               // procedure lives in EXE
+			GetCurrentThreadId()); // thread-local hook
+		if (!g_cbtHook)
+		{
+			return FALSE;
+		}
+	}
+
+	g_protectionRefCount++;
+
+	return TRUE;
+}
+
+void DetachProtectionFromCurrentThread()
+{
+	if (!IsScreenProtectionEnabled())
+		return;
+
+    if (g_protectionRefCount == 0)
+        return;
+
+    --g_protectionRefCount;
+    if (g_protectionRefCount == 0)
+    {
+		// Last detach for this thread: remove hook
+		if (g_cbtHook)
+		{
+			UnhookWindowsHookEx(g_cbtHook);
+			g_cbtHook = nullptr;
+		}
+	}
+}
+#else
+// Dummy functions for screen protection
+BOOL AttachProtectionToCurrentThread(HWND hwnd)
+{
+	return TRUE;
+}
+void DetachProtectionFromCurrentThread()
+{
+}
+#endif

src/Common/Dlgcode.h

@@ -355,6 +355,8 @@ uint32 ReadServiceConfigurationFlags ();
 uint32 ReadEncryptionThreadPoolFreeCpuCountLimit ();
 BOOL ReadMemoryProtectionConfig ();
 BOOL WriteMemoryProtectionConfig (BOOL bEnable);
+BOOL ReadScreenProtectionConfig();
+BOOL WriteScreenProtectionConfig(BOOL bEnable);
 BOOL LoadSysEncSettings ();
 int LoadNonSysInPlaceEncSettings (WipeAlgorithmId *wipeAlgorithm);
 void RemoveNonSysInPlaceEncNotifications (void);
@@ -602,6 +604,9 @@ DWORD FastResizeFile (const wchar_t* filePath, __int64 fileSize);
 void GetAppRandomSeed (unsigned char* pbRandSeed, size_t cbRandSeed);
 #endif
 BOOL IsInternetConnected();
+BOOL AttachProtectionToCurrentThread(HWND hwnd);
+void DetachProtectionFromCurrentThread();
+
 #if defined(SETUP) && !defined (PORTABLE)
 typedef struct _SECURITY_INFO_BACKUP {
 	PSID pOrigOwner;
@@ -815,6 +820,27 @@ BOOL GetHibernateStatus (BOOL& bHibernateEnabled, BOOL& bHiberbootEnabled);
 bool GetKbList (std::vector<std::wstring>& kbList);
 bool OneOfKBsInstalled (const wchar_t* szKBs[], int count);
 
+class ScreenCaptureBlocker
+{
+public:
+	ScreenCaptureBlocker(HWND hwnd = NULL)
+		: m_hwnd(hwnd), m_attached(false)
+	{
+		m_attached = AttachProtectionToCurrentThread(m_hwnd);
+	}
+
+	~ScreenCaptureBlocker()
+	{
+		if (m_attached)
+			DetachProtectionFromCurrentThread();
+	}
+
+private:
+	HWND m_hwnd;
+	bool m_attached;
+};
+
+
 #endif // __cplusplus
 
 #endif // TC_HEADER_DLGCODE

src/Common/Format.c

@@ -1382,6 +1382,7 @@ static volatile DWORD WriteRequestResult;
 static void __cdecl FormatWriteThreadProc (void *arg)
 {
 	DWORD bytesWritten;
+	AttachProtectionToCurrentThread(NULL);
 
 	SetThreadPriority (GetCurrentThread(), THREAD_PRIORITY_HIGHEST);
 
@@ -1409,6 +1410,7 @@ static void __cdecl FormatWriteThreadProc (void *arg)
 	}
 
 	WriteThreadRunning = FALSE;
+	DetachProtectionFromCurrentThread();
 	_endthread();
 }
 

src/Common/Keyfiles.c

@@ -704,6 +704,10 @@ BOOL CALLBACK KeyFilesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
 
 		break;
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	}
 
 	return 0;

src/Common/Language.c

@@ -585,6 +585,10 @@ BOOL CALLBACK LanguageDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
 			return 1;
 		}
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	case WM_COMMAND:
 
 		if (lw == IDOK || hw == LBN_DBLCLK)

src/Common/Language.xml

@@ -1644,6 +1644,8 @@
     <entry lang="en" key="MOUNTPOINT_BLOCKED">ERROR: The volume mount point is blocked because it overrides a protected system directory.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="MOUNTPOINT_NOTALLOWED">ERROR: The volume mount point is not allowed because it overrides a directory that is part of the PATH environment variable.\n\nPlease choose a different mount point.</entry>
     <entry lang="en" key="INSECURE_MODE">[INSECURE MODE]</entry>
+    <entry lang="en" key="IDC_DISABLE_SCREEN_PROTECTION">Disable protection against screenshots and screen recording</entry>
+    <entry lang="en" key="DISABLE_SCREEN_PROTECTION_WARNING">WARNING: Disabling screen protection significantly reduces security. Enable this option ONLY if you have a specific need to capture VeraCrypt's interface. This may expose sensitive data to screenshot tools and screen recording features such as Windows 11 Recall.</entry>
   </localization>
   <xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
     <xs:element name="VeraCrypt">

src/ExpandVolume/DlgExpandVolume.cpp

@@ -208,6 +208,9 @@ BOOL CALLBACK ExpandVolSizeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
 		}
 		return 0;
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
 
 	case WM_COMMAND:
 		if (lw == IDCANCEL)
@@ -477,6 +480,10 @@ BOOL CALLBACK ExpandVolProgressDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, L
 		burn (&mouseEntropyGathered, sizeof(mouseEntropyGathered));
 		burn (maskRandPool, sizeof(maskRandPool));
 		return 0;
+
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
 	}
 
 	return 0;

src/ExpandVolume/ExpandVolume.c

@@ -1130,6 +1130,7 @@ void __cdecl volTransformThreadFunction (void *pExpandDlgParam)
 	int nStatus;
 	EXPAND_VOL_THREAD_PARAMS *pParam=(EXPAND_VOL_THREAD_PARAMS *)pExpandDlgParam;
 	HWND hwndDlg = (HWND) pParam->hwndDlg;
+	AttachProtectionToCurrentThread(NULL);
 
 	nStatus = ExpandVolume (hwndDlg, (wchar_t*)pParam->szVolumeName, pParam->pVolumePassword,
 		pParam->VolumePkcs5, pParam->VolumePim, pParam->newSize, pParam->bInitFreeSpace, pParam->bQuickExpand );
@@ -1141,5 +1142,7 @@ void __cdecl volTransformThreadFunction (void *pExpandDlgParam)
 
 	PostMessage (hwndDlg, TC_APPMSG_VOL_TRANSFORM_THREAD_ENDED, 0, nStatus);
 
+	DetachProtectionFromCurrentThread();
+
 	_endthread ();
 }

src/ExpandVolume/InitDataArea.c

@@ -218,6 +218,7 @@ static volatile DWORD WriteRequestResult;
 static void __cdecl FormatWriteThreadProc (void *arg)
 {
 	DWORD bytesWritten;
+	AttachProtectionToCurrentThread(NULL);
 
 	SetThreadPriority (GetCurrentThread(), THREAD_PRIORITY_HIGHEST);
 
@@ -245,6 +246,7 @@ static void __cdecl FormatWriteThreadProc (void *arg)
 	}
 
 	WriteThreadRunning = FALSE;
+	DetachProtectionFromCurrentThread();
 	_endthread();
 }
 

src/ExpandVolume/WinMain.cpp

@@ -783,6 +783,10 @@ BOOL CALLBACK ExtcvPasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARA
 			DragFinish (hdrop);
 		}
 		return 1;
+
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
 	}
 
 	return 0;
@@ -1066,6 +1070,10 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 		VeraCryptExpander::EndMainDlg (hwndDlg);
 		return 1;
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	default:
 		;
 	}
@@ -1079,6 +1087,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 int WINAPI wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, wchar_t *lpszCommandLine, int nCmdShow)
 {
 	int status;
+	ScreenCaptureBlocker blocker;
 	atexit (VeraCryptExpander::localcleanup);
 	SetProcessShutdownParameters (0x100, 0);
 

src/Format/Tcformat.c

@@ -2504,6 +2504,7 @@ static void UpdateWipeControls (void)
 
 static void __cdecl sysEncDriveAnalysisThread (void *hwndDlgArg)
 {
+	ScreenCaptureBlocker blocker;
 	// Mark the detection process as 'in progress'
 	HiddenSectorDetectionStatus = 1;
 	SaveSettings (NULL);
@@ -2548,6 +2549,7 @@ static void __cdecl volTransformThreadFunction (void *hwndDlgArg)
 	BOOL bHidden;
 	HWND hwndDlg = (HWND) hwndDlgArg;
 	volatile FORMAT_VOL_PARAMETERS *volParams = (FORMAT_VOL_PARAMETERS *) malloc (sizeof(FORMAT_VOL_PARAMETERS));
+	ScreenCaptureBlocker blocker;
 
 	if (volParams == NULL)
 		AbortProcess ("ERR_MEM_ALLOC");
@@ -6162,6 +6164,10 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 		}
 
 		return 0;
+
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
 	}
 
 	return 0;
@@ -9076,6 +9082,10 @@ ovf_end:
 		PostMessage (hwndDlg, TC_APPMSG_FORMAT_USER_QUIT, 0, 0);
 		return 1;
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	case WM_NCDESTROY:
 		{
 			hPasswordInputField = NULL;
@@ -10565,6 +10575,7 @@ static void AfterWMInitTasks (HWND hwndDlg)
 int WINAPI wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, wchar_t *lpszCommandLine, int nCmdShow)
 {
 	int status;
+	ScreenCaptureBlocker blocker;
 	atexit (localcleanup);
 
 	VirtualLock (&volumePassword, sizeof(volumePassword));

src/Mount/Favorites.cpp

@@ -237,6 +237,10 @@ namespace VeraCrypt
 			}
 			return 1;
 
+		case WM_DESTROY:
+			DetachProtectionFromCurrentThread();
+			break;
+
 		case WM_COMMAND:
 
 			switch (lw)

src/Mount/Hotkeys.c

@@ -604,6 +604,10 @@ BOOL CALLBACK HotkeysDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPar
 		KillTimer (hwndDlg, 0xfe);
 		EndDialog (hwndDlg, IDCANCEL);
 		return 1;
+
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
 	}
 	return 0;
 }

src/Mount/Mount.c

@@ -2490,6 +2490,10 @@ BOOL CALLBACK PasswordChangeDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPAR
 			return 0;
 		}
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	case WM_TIMER:
 		switch (wParam)
 		{
@@ -3319,6 +3323,10 @@ BOOL CALLBACK PasswordDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
 		}
 		return 0;
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	case WM_NCDESTROY:
 		{
 			/* unregister drap-n-drop support */
@@ -3510,6 +3518,10 @@ BOOL CALLBACK PreferencesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM
 		}
 		return 0;
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	case WM_COMMAND:
 
 		if (lw == IDC_PREF_BKG_TASK_ENABLE && !IsButtonChecked (GetDlgItem (hwndDlg, IDC_PREF_BKG_TASK_ENABLE)))
@@ -3759,6 +3771,10 @@ BOOL CALLBACK MountOptionsDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM
 		}
 		return 0;
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	case WM_CONTEXTMENU:
 		{
 			RECT buttonRect;
@@ -4372,6 +4388,10 @@ BOOL CALLBACK VolumePropertiesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP
 			return 0;
 		}
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	case WM_NOTIFY:
 
 		if(wParam == IDC_VOLUME_PROPERTIES_LIST)
@@ -4487,6 +4507,10 @@ BOOL CALLBACK TravelerDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa
 		}
 		return 0;
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	case WM_COMMAND:
 
 		if (HIWORD (wParam) == BN_CLICKED
@@ -5405,6 +5429,7 @@ void __cdecl mountThreadFunction (void *hwndDlgArg)
 {
 	HWND hwndDlg =(HWND) hwndDlgArg;
 	BOOL bIsForeground = (GetForegroundWindow () == hwndDlg)? TRUE : FALSE;
+	ScreenCaptureBlocker screenCaptureBlocker;
 	// Disable parent dialog during processing to avoid user interaction
 	EnableWindow(hwndDlg, FALSE);
 	finally_do_arg2 (HWND, hwndDlg, BOOL, bIsForeground, { EnableWindow(finally_arg, TRUE);  if (finally_arg2) BringToForeground (finally_arg); bPrebootPasswordDlgMode = FALSE;});
@@ -9088,6 +9113,10 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 		EndMainDlg (hwndDlg);
 		return 1;
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	case WM_INITMENUPOPUP:
 		{
 			// disable "Set Header Key Derivation Algorithm" entry in "Volumes" menu
@@ -10103,6 +10132,7 @@ static BOOL StartSystemFavoritesService ()
 int WINAPI wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, wchar_t *lpszCommandLine, int nCmdShow)
 {
 	int argc;
+	ScreenCaptureBlocker blocker;
 	LPWSTR *argv = CommandLineToArgvW (GetCommandLineW(), &argc);
 
 	if (argv && argc == 2 && wstring (TC_SYSTEM_FAVORITES_SERVICE_CMDLINE_OPTION) == argv[1])
@@ -10679,6 +10709,7 @@ void CALLBACK mountFavoriteVolumeCallbackFunction (void *pArg, HWND hwnd)
 
 void __cdecl mountFavoriteVolumeThreadFunction (void *pArg)
 {
+	ScreenCaptureBlocker screenCaptureBlocker;
 	ShowWaitDialog (MainDlg, FALSE, mountFavoriteVolumeCallbackFunction, pArg);
 	_InterlockedExchange(&FavoriteMountOnGoing, 0);
 }
@@ -11614,6 +11645,13 @@ void SetMemoryProtectionConfig (BOOL bEnable)
 		BootEncObj->WriteLocalMachineRegistryDwordValue (L"SYSTEM\\CurrentControlSet\\Services\\veracrypt", VC_ENABLE_MEMORY_PROTECTION, config);
 }
 
+void SetScreenProtectionConfig (BOOL bEnable)
+{
+	DWORD config = bEnable? 1: 0;
+	if (BootEncObj)
+		BootEncObj->WriteLocalMachineRegistryDwordValue (L"SYSTEM\\CurrentControlSet\\Services\\veracrypt", VC_ENABLE_SCREEN_PROTECTION, config);
+}
+
 void NotifyService (DWORD dwNotifyCmd)
 {
 	if (BootEncObj)
@@ -11623,6 +11661,7 @@ void NotifyService (DWORD dwNotifyCmd)
 static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
 {
 	static HWND hDisableMemProtectionTooltipWnd = NULL;
+	static HWND hDisableScreenProtectionTooltipWnd = NULL;
 	WORD lw = LOWORD (wParam);
 
 	switch (msg)
@@ -11667,6 +11706,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
 			}
 
 			CheckDlgButton (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION, ReadMemoryProtectionConfig() ? BST_UNCHECKED : BST_CHECKED);
+			CheckDlgButton (hwndDlg, IDC_DISABLE_SCREEN_PROTECTION, ReadScreenProtectionConfig() ? BST_UNCHECKED : BST_CHECKED);
 
 			size_t cpuCount = GetCpuCount(NULL);
 
@@ -11707,6 +11747,10 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
 			AccommodateCheckBoxTextWidth(hwndDlg, IDC_DISABLE_MEMORY_PROTECTION);
 			// make the help button adjacent to the checkbox
 			MakeControlsContiguous(hwndDlg, IDC_DISABLE_MEMORY_PROTECTION, IDC_DISABLE_MEMORY_PROTECTION_HELP);
+
+			hDisableScreenProtectionTooltipWnd = CreateToolTip (IDC_DISABLE_SCREEN_PROTECTION, hwndDlg, "DISABLE_SCREEN_PROTECTION_WARNING");
+			// make IDC_DISABLE_SCREEN_PROTECTION control fit the text so that the tooltip is shown only when mouse is over the text
+			AccommodateCheckBoxTextWidth(hwndDlg, IDC_DISABLE_SCREEN_PROTECTION);
 		}
 		return 0;
 
@@ -11717,6 +11761,12 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
 			DestroyWindow (hDisableMemProtectionTooltipWnd);
 			hDisableMemProtectionTooltipWnd = NULL;
 		}
+		if (hDisableScreenProtectionTooltipWnd)
+		{
+			DestroyWindow (hDisableScreenProtectionTooltipWnd);
+			hDisableScreenProtectionTooltipWnd = NULL;
+		}
+		DetachProtectionFromCurrentThread();
 		break;
 
 	case WM_COMMAND:
@@ -11743,6 +11793,7 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
 				BOOL allowTrimCommand = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_TRIM_NONSYS_SSD);
 				BOOL allowWindowsDefrag = IsDlgButtonChecked (hwndDlg, IDC_ALLOW_WINDOWS_DEFRAG);
 				BOOL disableMemoryProtection = IsDlgButtonChecked (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION);
+				BOOL disableScreenProtection = IsDlgButtonChecked (hwndDlg, IDC_DISABLE_SCREEN_PROTECTION);
 
 				try
 				{
@@ -11816,6 +11867,11 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
 						rebootRequired = true;
 					SetMemoryProtectionConfig (!disableMemoryProtection);
 
+					BOOL originalDisableScreenProtection = !ReadScreenProtectionConfig();
+					if(originalDisableScreenProtection != disableScreenProtection)
+						rebootRequired = true;
+					SetScreenProtectionConfig (!disableScreenProtection);
+
 					DWORD bytesReturned;
 					if (!DeviceIoControl (hDriver, TC_IOCTL_REREAD_DRIVER_CONFIG, NULL, 0, NULL, 0, &bytesReturned, NULL))
 						handleWin32Error (hwndDlg, SRC_POS);
@@ -11928,6 +11984,21 @@ static BOOL CALLBACK PerformanceSettingsDlgProc (HWND hwndDlg, UINT msg, WPARAM
 		case IDC_DISABLE_MEMORY_PROTECTION_HELP:
 			Applink ("memoryprotection");
 			return 1;
+		case IDC_DISABLE_SCREEN_PROTECTION:
+			{
+				BOOL disableScreenProtection = IsDlgButtonChecked (hwndDlg, IDC_DISABLE_SCREEN_PROTECTION);
+				BOOL originalDisableScreenProtection = !ReadScreenProtectionConfig();
+				if (disableScreenProtection != originalDisableScreenProtection)
+				{
+					if (disableScreenProtection)
+					{
+						Warning ("DISABLE_SCREEN_PROTECTION_WARNING", hwndDlg);
+					}
+
+					Warning ("SETTING_REQUIRES_REBOOT", hwndDlg);
+				}
+			}
+			return 1;
 		case IDC_BENCHMARK:
 			Benchmark (hwndDlg);
 			return 1;
@@ -11964,6 +12035,10 @@ static BOOL CALLBACK SecurityTokenPreferencesDlgProc (HWND hwndDlg, UINT msg, WP
 
 		return 0;
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	case WM_COMMAND:
 
 		switch (lw)
@@ -12127,6 +12202,10 @@ static BOOL CALLBACK DefaultMountParametersDlgProc (HWND hwndDlg, UINT msg, WPAR
 			return 0;
 		}
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	case WM_COMMAND:
 
 		switch (lw)
@@ -12296,6 +12375,10 @@ static BOOL CALLBACK BootLoaderPreferencesDlgProc (HWND hwndDlg, UINT msg, WPARA
 		}
 		return 0;
 
+	case WM_DESTROY:
+		DetachProtectionFromCurrentThread();
+		break;
+
 	case WM_COMMAND:
 
 		switch (lw)

src/Mount/Mount.rc

@@ -173,7 +173,7 @@ BEGIN
     PUSHBUTTON      "&Auto-Mount Devices",IDC_MOUNTALL,100,243,84,18
     PUSHBUTTON      "Di&smount All",IDC_UNMOUNTALL,192,243,84,18,WS_GROUP
     PUSHBUTTON      "E&xit",IDC_EXIT,284,243,84,18,WS_GROUP
-    CONTROL         112,IDC_LOGO,"Static",SS_BITMAP | SS_NOTIFY | WS_BORDER,13,190,33,31
+    CONTROL         IDB_LOGO_96DPI,IDC_LOGO,"Static",SS_BITMAP | SS_NOTIFY | WS_BORDER,13,190,33,31
     GROUPBOX        "Volume",IDT_VOLUME,8,179,360,53
     CONTROL         "",IDC_STATIC,"Static",SS_ETCHEDFRAME,2,0,372,147
     CONTROL         "",IDC_STATIC,"Static",SS_ETCHEDFRAME,282,242,88,20
@@ -321,7 +321,7 @@ BEGIN
     DEFPUSHBUTTON   "OK",IDOK,255,226,50,14
 END
 
-IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 300
+IDD_PERFORMANCE_SETTINGS DIALOGEX 0, 0, 371, 341
 STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | DS_CENTER | WS_POPUP | WS_CAPTION | WS_SYSMENU
 CAPTION "VeraCrypt - Performance Options"
 FONT 8, "MS Shell Dlg", 400, 0, 0x1
@@ -344,17 +344,20 @@ BEGIN
     CONTROL         "Use CPU hardware random generator as an additional source of entropy",IDC_ENABLE_CPU_RNG,
                     "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,237,335,10
     CONTROL         "Activate encryption of keys and passwords stored in RAM",IDC_ENABLE_RAM_ENCRYPTION,
-                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,250,337,10
+                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,271,337,10
     CONTROL         "Disable memory protection for Accessibility tools compatibility",IDC_DISABLE_MEMORY_PROTECTION,
-                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,263,339,10
+                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,284,339,10
-    PUSHBUTTON      "?",IDC_DISABLE_MEMORY_PROTECTION_HELP,364,259,7,14
+    PUSHBUTTON      "?",IDC_DISABLE_MEMORY_PROTECTION_HELP,364,280,7,14
-    PUSHBUTTON      "&Benchmark",IDC_BENCHMARK,7,279,59,14
+    PUSHBUTTON      "&Benchmark",IDC_BENCHMARK,7,320,59,14
-    DEFPUSHBUTTON   "OK",IDOK,257,279,50,14
+    DEFPUSHBUTTON   "OK",IDOK,257,320,50,14
-    PUSHBUTTON      "Cancel",IDCANCEL,314,279,50,14
+    PUSHBUTTON      "Cancel",IDCANCEL,314,320,50,14
     LTEXT           "Processor (CPU) in this computer supports hardware acceleration for AES:",IDT_HW_AES_SUPPORTED_BY_CPU,18,23,273,9
     GROUPBOX        "Hardware Acceleration",IDT_ACCELERATION_OPTIONS,7,6,355,74
     GROUPBOX        "Thread-Based Parallelization",IDT_PARALLELIZATION_OPTIONS,7,84,355,93
-    GROUPBOX        "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,95
+    GROUPBOX        "Driver Configuration",IDT_DRIVER_OPTIONS,7,183,357,69
+    GROUPBOX        "Security Options",IDT_SECURITY_OPTIONS,7,257,357,56
+    CONTROL         "Disable protection against screenshots and screen recording",IDC_DISABLE_SCREEN_PROTECTION,
+                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,18,298,209,10
 END
 
 IDD_FAVORITE_VOLUMES DIALOGEX 0, 0, 380, 368
@@ -524,7 +527,7 @@ BEGIN
         LEFTMARGIN, 7
         RIGHTMARGIN, 364
         TOPMARGIN, 7
-        BOTTOMMARGIN, 293
+        BOTTOMMARGIN, 334
     END
 
     IDD_FAVORITE_VOLUMES, DIALOG

src/Mount/Resource.h

@@ -200,6 +200,7 @@
 #define IDC_FORCE_VERACRYPT_FIRST_BOOT_ENTRY 1178
 #define IDC_ENABLE_EMV_SUPPORT          1179
 #define IDT_EMV_OPTIONS                 1180
+#define IDC_DISABLE_SCREEN_PROTECTION   1181
 #define IDM_HELP                        40001
 #define IDM_ABOUT                       40002
 #define IDM_UNMOUNT_VOLUME              40003
@@ -277,7 +278,7 @@
 #define _APS_NO_MFC                     1
 #define _APS_NEXT_RESOURCE_VALUE        120
 #define _APS_NEXT_COMMAND_VALUE         40070
-#define _APS_NEXT_CONTROL_VALUE         1181
+#define _APS_NEXT_CONTROL_VALUE         1182
 #define _APS_NEXT_SYMED_VALUE           101
 #endif
 #endif

src/Release/Setup Files/Custom_InstallDirDlg.wxs

@@ -5,10 +5,10 @@
 <Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
     <Fragment>
         <UI>
-            <Dialog Id="InstallDirAndOptionalShortcutsDlg" Width="370" Height="270" Title="!(loc.InstallDirDlg_Title)">
+            <Dialog Id="InstallDirAndOptionalShortcutsDlg" Width="370" Height="310" Title="!(loc.InstallDirDlg_Title)">
-                <Control Id="Next" Type="PushButton" X="236" Y="243" Width="56" Height="17" Default="yes" Text="!(loc.WixUINext)" />
+                <Control Id="Next" Type="PushButton" X="236" Y="283" Width="56" Height="17" Default="yes" Text="!(loc.WixUINext)" />
-                <Control Id="Back" Type="PushButton" X="180" Y="243" Width="56" Height="17" Text="!(loc.WixUIBack)" />
+                <Control Id="Back" Type="PushButton" X="180" Y="283" Width="56" Height="17" Text="!(loc.WixUIBack)" />
-                <Control Id="Cancel" Type="PushButton" X="304" Y="243" Width="56" Height="17" Cancel="yes" Text="!(loc.WixUICancel)">
+                <Control Id="Cancel" Type="PushButton" X="304" Y="283" Width="56" Height="17" Cancel="yes" Text="!(loc.WixUICancel)">
                     <Publish Event="SpawnDialog" Value="CancelDlg">1</Publish>
                 </Control>
 
@@ -16,7 +16,7 @@
                 <Control Id="Title" Type="Text" X="15" Y="6" Width="200" Height="15" Transparent="yes" NoPrefix="yes" Text="!(loc.InstallDirDlgTitle)" />
                 <Control Id="BannerBitmap" Type="Bitmap" X="0" Y="0" Width="370" Height="44" TabSkip="no" Text="!(loc.InstallDirDlgBannerBitmap)" />
                 <Control Id="BannerLine" Type="Line" X="0" Y="44" Width="370" Height="0" />
-                <Control Id="BottomLine" Type="Line" X="0" Y="234" Width="370" Height="0" />
+                <Control Id="BottomLine" Type="Line" X="0" Y="274" Width="370" Height="0" />
 
                 <Control Id="FolderLabel" Type="Text" X="20" Y="60" Width="290" Height="30" NoPrefix="yes" Text="!(loc.InstallDirDlgFolderLabel)" />
                 <Control Id="Folder" Type="PathEdit" X="20" Y="100" Width="320" Height="18" Property="WIXUI_INSTALLDIR" Indirect="yes" />
@@ -38,6 +38,14 @@
 							X="20" Y="200" Width="200" Height="17" 
 							Property="REGISTERVCFILEEXT" CheckBoxValue="1" 
 							Text="!(loc.AssociateVCFileExtensionDesc)" />
+				<Control Id="DisableMemoryProtectionCheckbox" Type="CheckBox" 
+							X="20" Y="220" Width="280" Height="17" 
+							Property="DISABLEMEMORYPROTECTION" CheckBoxValue="1" 
+							Text="!(loc.DisableMemoryProtectionDesc)" />
+				<Control Id="DisableScreenProtectionCheckbox" Type="CheckBox" 
+							X="20" Y="240" Width="280" Height="17" 
+							Property="DISABLESCREENPROTECTION" CheckBoxValue="1" 
+							Text="!(loc.DisableScreenProtectionDesc)" />
 
             </Dialog>
         </UI>

src/Release/Setup Files/Product64.wxs

@@ -153,6 +153,14 @@
 		<!-- By default, we install all for all users -->
 		<Property Id="ALLUSERS" Value="1" />
 
+		<!-- Following property is meant to disable memory protection -->  
+		<!-- By default, memory protection is enabled (checkbox unchecked) -->  
+		<Property Id="DISABLEMEMORYPROTECTION" Secure="yes" />
+
+		<!-- Following property is meant to disable screen protection -->  
+		<!-- By default, screen protection is enabled (checkbox unchecked) -->  
+		<Property Id="DISABLESCREENPROTECTION" Secure="yes" />
+
 		<!-- Following property sets the default acceptance of the license.
 			 In UI mode, the user needs to check the license box in order to accept 
 			 the license, which sets 'LicenseAccepted' to '1', but not 'ACCEPTLICENSE'.
@@ -2573,6 +2581,41 @@
 				</RegistryKey>
 			</Component>
 
+			<!-- Memory Protection Registry Setting - Enabled (Default) -->  
+			<Component Id="VeraCrypt_MemoryProtection_Enabled" Guid="{1B733E2D-AB4D-4F9B-9E57-09415F8252B3}" Win64="yes">  
+				<Condition>NOT DISABLEMEMORYPROTECTION</Condition>  
+				<RegistryKey Root="HKLM" Key="SYSTEM\CurrentControlSet\Services\veracrypt">  
+					<RegistryValue Type="integer" Name="VeraCryptEnableMemoryProtection"   
+								Value="1" KeyPath="yes" />  
+				</RegistryKey>  
+			</Component>  
+		
+			<!-- Memory Protection Registry Setting - Disabled -->  
+			<Component Id="VeraCrypt_MemoryProtection_Disabled" Guid="{3F3F6CD5-E343-4106-930B-93D7CC7DB3A7}" Win64="yes">  
+				<Condition>DISABLEMEMORYPROTECTION</Condition>  
+				<RegistryKey Root="HKLM" Key="SYSTEM\CurrentControlSet\Services\veracrypt">  
+					<RegistryValue Type="integer" Name="VeraCryptEnableMemoryProtection"   
+								Value="0" KeyPath="yes" />  
+				</RegistryKey>  
+			</Component>
+
+			<!-- Screen Protection Registry Setting - Enabled (Default) -->  
+			<Component Id="VeraCrypt_ScreenProtection_Enabled" Guid="{78F191B2-431D-43B3-8F1A-C61D3D426A6C}" Win64="yes">  
+				<Condition>NOT DISABLESCREENPROTECTION</Condition>  
+				<RegistryKey Root="HKLM" Key="SYSTEM\CurrentControlSet\Services\veracrypt">  
+					<RegistryValue Type="integer" Name="VeraCryptEnableScreenProtection"   
+								Value="1" KeyPath="yes" />  
+				</RegistryKey>
+			</Component>
+			<!-- Screen Protection Registry Setting - Disabled -->
+			<Component Id="VeraCrypt_ScreenProtection_Disabled" Guid="{7DD6C6A8-B2F0-428B-A6B9-ECB4472E1862}" Win64="yes">  
+				<Condition>DISABLESCREENPROTECTION</Condition>  
+				<RegistryKey Root="HKLM" Key="SYSTEM\CurrentControlSet\Services\veracrypt">  
+					<RegistryValue Type="integer" Name="VeraCryptEnableScreenProtection"   
+								Value="0" KeyPath="yes" />  
+				</RegistryKey>
+			</Component>
+
 		</DirectoryRef>
 		
 		<!-- Smallest installable units ; Regroups Components to be installed in the same unit into one Feature -->
@@ -3331,7 +3374,10 @@
 			<ComponentRef Id="VeraCryptVolume_Open_64" />
 			<ComponentRef Id="VeraCryptVolume_Extension_64" />
 			<ComponentRef Id="VeraCrypt_ProductGUID" />
-			
+			<ComponentRef Id="VeraCrypt_MemoryProtection_Enabled" />  
+    		<ComponentRef Id="VeraCrypt_MemoryProtection_Disabled" />
+			<ComponentRef Id="VeraCrypt_ScreenProtection_Enabled" />  
+    		<ComponentRef Id="VeraCrypt_ScreenProtection_Disabled" />
 		</Feature>
 		
 		<Feature 	Id="Install_Shortcuts"

src/Release/Setup Files/Strings-en.wxl

@@ -21,4 +21,7 @@
 	<String Id="VeraCryptExpanderDesc" Overridable="yes">VeraCrypt Expander</String>
 	<String Id="VeraCryptWebsiteDesc" Overridable="yes">VeraCrypt Website</String>
 
+	<String Id="DisableMemoryProtectionDesc">Disable memory protection for Accessibility tools compatibility</String>
+	<String Id="DisableScreenProtectionDesc">Disable protection against screenshots and screen recording</String>
+  
 </WixLocalization>

src/Setup/Resource.h

@@ -94,6 +94,7 @@
 #define IDC_DONATE                      1032
 #define IDC_LANGUAGES_LIST              1033
 #define IDC_SELECT_LANGUAGE_LABEL       1034
+#define IDC_DISABLE_SCREEN_PROTECTION   1181
 
 // Next default values for new objects
 // 

src/Setup/Setup.c

@@ -75,7 +75,9 @@ BOOL bSystemRestore = TRUE;
 BOOL bDisableSwapFiles = FALSE;
 BOOL bForAllUsers = TRUE;
 BOOL bDisableMemoryProtection = FALSE;
+BOOL bDisableScreenProtection = FALSE;
 BOOL bOriginalDisableMemoryProtection = FALSE;
+BOOL bOriginalDisableScreenProtection = FALSE;
 BOOL bRegisterFileExt = TRUE;
 BOOL bAddToStartMenu = TRUE;
 BOOL bDesktopIcon = TRUE;
@@ -2376,6 +2378,12 @@ void DoInstall (void *arg)
 		bRestartRequired = TRUE; // Restart is required to apply the new memory protection settings
 	}
 
+	if (bOK && (bDisableScreenProtection != bOriginalDisableScreenProtection))
+	{
+		WriteScreenProtectionConfig(bDisableScreenProtection? FALSE : TRUE);
+		bRestartRequired = TRUE; // Restart is required to apply the new screen protection settings
+	}
+
 	if (bOK && bUpgrade)
 	{
 		// delete legacy files

src/Setup/Setup.h

@@ -115,7 +115,9 @@ extern BOOL bSystemRestore;
 extern BOOL bDisableSwapFiles;
 extern BOOL bForAllUsers;
 extern BOOL bDisableMemoryProtection;
+extern BOOL bDisableScreenProtection;
 extern BOOL bOriginalDisableMemoryProtection;
+extern BOOL bOriginalDisableScreenProtection;
 extern BOOL bRegisterFileExt;
 extern BOOL bAddToStartMenu;
 extern BOOL bDesktopIcon;

src/Setup/Setup.rc

@@ -148,15 +148,17 @@ BEGIN
     EDITTEXT        IDC_DESTINATION,11,41,260,13,ES_AUTOHSCROLL
     PUSHBUTTON      "Bro&wse...",IDC_BROWSE,278,40,59,14
     CONTROL         "Install &for all users",IDC_ALL_USERS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,68,168,11
-    CONTROL         "Add VeraCrypt to &Start menu",IDC_PROG_GROUP,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,80,168,11
+    CONTROL         "Add VeraCrypt to &Start menu",IDC_PROG_GROUP,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,79,168,11
-    CONTROL         "Add VeraCrypt icon to &desktop",IDC_DESKTOP_ICON,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,92,168,11
+    CONTROL         "Add VeraCrypt icon to &desktop",IDC_DESKTOP_ICON,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,90,168,11
     CONTROL         "Associate the .hc file &extension with VeraCrypt",IDC_FILE_TYPE,
-                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,104,232,11
+                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,101,232,11
     CONTROL         "Disable memory protection for Accessibility tools compatibility",IDC_DISABLE_MEMORY_PROTECTION,
-                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,115,315,10
+                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,112,315,10
-    PUSHBUTTON      "?",IDC_DISABLE_MEMORY_PROTECTION_HELP,337,111,7,14
+    PUSHBUTTON      "?",IDC_DISABLE_MEMORY_PROTECTION_HELP,337,107,7,14
-    CONTROL         "Create System &Restore point",IDC_SYSTEM_RESTORE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,125,194,11
+    CONTROL         "Create System &Restore point",IDC_SYSTEM_RESTORE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,132,194,11
     LTEXT           "Please select or type the location where you want to install the VeraCrypt program files. If the specified folder does not exist, it will be automatically created.",IDT_INSTALL_DESTINATION,11,14,319,25
+    CONTROL         "Disable protection against screenshots and screen recording",IDC_DISABLE_SCREEN_PROTECTION,
+                    "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,122,209,10
 END
 
 IDD_INFO_PAGE_DLG DIALOGEX 0, 0, 217, 156
@@ -186,8 +188,8 @@ BEGIN
     DEFPUSHBUTTON   "",IDC_NEXT,259,211,50,14
     PUSHBUTTON      "Cancel",IDCANCEL,317,211,50,14
     LTEXT           "",IDC_BOX_TITLE,11,2,324,12,0,WS_EX_TRANSPARENT
-    CONTROL         107,IDC_BITMAP_SETUP_WIZARD,"Static",SS_BITMAP | SS_NOTIFY,139,3,228,30
+    CONTROL         IDB_SETUP_WIZARD,IDC_BITMAP_SETUP_WIZARD,"Static",SS_BITMAP | SS_NOTIFY,139,3,228,30
-    CONTROL         109,IDC_SETUP_WIZARD_BKG,"Static",SS_BITMAP,0,0,11,10
+    CONTROL         IDB_SETUP_WIZARD_BKG,IDC_SETUP_WIZARD_BKG,"Static",SS_BITMAP,0,0,11,10
     CONTROL         "",IDC_SETUP_WIZARD_GFX_AREA,"Static",SS_GRAYRECT | NOT WS_VISIBLE,0,0,378,36,WS_EX_TRANSPARENT | WS_EX_STATICEDGE
     CONTROL         "",IDC_HR_BOTTOM,"Static",SS_ETCHEDHORZ,67,204,306,1,WS_EX_STATICEDGE
     CONTROL         "",IDC_HR,"Static",SS_ETCHEDHORZ,0,35,399,1,WS_EX_STATICEDGE

src/Setup/Wizard.c

@@ -213,6 +213,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 {
 	static char PageDebugId[128];
 	static HWND hDisableMemProtectionTooltipWnd = NULL;
+	static HWND hDisableScreenProtectionTooltipWnd = NULL;
 	WORD lw = LOWORD (wParam);
 	WORD hw = HIWORD (wParam);
 
@@ -446,10 +447,15 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 				// make the help button adjacent to the checkbox
 				MakeControlsContiguous(hwndDlg, IDC_DISABLE_MEMORY_PROTECTION, IDC_DISABLE_MEMORY_PROTECTION_HELP);
 
+				hDisableScreenProtectionTooltipWnd = CreateToolTip (IDC_DISABLE_SCREEN_PROTECTION, hwndDlg, "DISABLE_SCREEN_PROTECTION_HELP");
+				// make the help button adjacent to the checkbox
+				AccommodateCheckBoxTextWidth(hwndDlg, IDC_DISABLE_SCREEN_PROTECTION);
+
 				SetCheckBox (hwndDlg, IDC_ALL_USERS, bForAllUsers);
 				SetCheckBox (hwndDlg, IDC_FILE_TYPE, bRegisterFileExt);
 				SetCheckBox (hwndDlg, IDC_PROG_GROUP, bAddToStartMenu);
 				SetCheckBox (hwndDlg, IDC_DISABLE_MEMORY_PROTECTION, bDisableMemoryProtection);
+				SetCheckBox (hwndDlg, IDC_DISABLE_SCREEN_PROTECTION, bDisableScreenProtection);
 				SetCheckBox (hwndDlg, IDC_DESKTOP_ICON, bDesktopIcon);
 
 				SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString (bUpgrade ? "UPGRADE" : "INSTALL"));
@@ -705,6 +711,14 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 				Applink("memoryprotection");
 				return 1;
 
+			case IDC_DISABLE_SCREEN_PROTECTION:
+				bDisableScreenProtection = IsButtonChecked (GetDlgItem (hCurPage, IDC_DISABLE_SCREEN_PROTECTION));
+				if (bDisableScreenProtection)
+				{
+					Warning ("DISABLE_SCREEN_PROTECTION_WARNING", hwndDlg);
+				}
+				return 1;
+
 			case IDC_FILE_TYPE:
 				bRegisterFileExt = IsButtonChecked (GetDlgItem (hCurPage, IDC_FILE_TYPE));
 				return 1;
@@ -788,6 +802,12 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 			hDisableMemProtectionTooltipWnd = NULL;
 		}
 
+		if (hDisableScreenProtectionTooltipWnd != NULL)
+		{
+			DestroyWindow (hDisableScreenProtectionTooltipWnd);
+			hDisableScreenProtectionTooltipWnd = NULL;
+		}
+
 		break;
 
 	}
@@ -883,8 +903,9 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
 
 			DonColorSchemeId = GetDonVal (2, 9);
 
-			// get the initial value of bDisableMemoryProtection by reading the registry
+			// get the initial value of bDisableMemoryProtection and bDisableScreenProtection by reading the registry
 			bDisableMemoryProtection = bOriginalDisableMemoryProtection = ReadMemoryProtectionConfig()? FALSE : TRUE;
+			bDisableScreenProtection = bOriginalDisableScreenProtection = ReadScreenProtectionConfig()? FALSE : TRUE;
 
 			if (bDevm)
 			{