diff --git a/README b/README
index e42c187e2..55f9109da 100644
--- a/README
+++ b/README
@@ -29,6 +29,7 @@ Fred-Barclay (https://github.com/Fred-Barclay)
 	- added 0ad profile
 	- fixed version for deb packages
 	- added Warzone2100 profile
+	- blacklisted VeraCrypt
 avoidr (https://github.com/avoidr)
 	- whitelist fix
 	- recently-used.xbel fix
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index b1133f28f..4d05ba783 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -26,6 +26,14 @@ blacklist ${HOME}/.VirtualBox
 blacklist ${HOME}/VirtualBox VMs
 blacklist ${HOME}/.config/VirtualBox
 
+# VeraCrypt
+blacklist ${PATH}/veracrypt
+blacklist ${PATH}/veracrypt-uninstall.sh
+blacklist /usr/share/veracrypt
+blacklist /usr/share/applications/veracrypt.*
+blacklist /usr/share/pixmaps/veracrypt.*
+blacklist ${HOME}/.VeraCrypt
+
 # var
 blacklist /var/spool/cron
 blacklist /var/spool/anacron
diff --git a/todo b/todo
index da732be9f..f23b4b13d 100644
--- a/todo
+++ b/todo
@@ -74,11 +74,9 @@ CapEff:	0000000000000000
 CapBnd:	0000003fffffffff
 CapAmb:	0000000000000000
 
-11. cleanup thunderbird profile - disable-common was commented out
-
-12. check seccomp on Docker: https://docs.docker.com/engine/security/seccomp/
+11. check seccomp on Docker: https://docs.docker.com/engine/security/seccomp/
 Seccomp lists:
 https://github.com/torvalds/linux/blob/1e75a9f34a5ed5902707fb74b468356c55142b71/arch/x86/entry/syscalls/syscall_64.tbl
 https://github.com/torvalds/linux/blob/1e75a9f34a5ed5902707fb74b468356c55142b71/arch/x86/entry/syscalls/syscall_32.tbl
 
-13. check for --chroot why .config/pulse dir is not created
+12. check for --chroot why .config/pulse dir is not created