Restricting Screen Capture
Screen Capture Blocking:
The HySecure windows client has feature to block the screen capture, but in the version <= 5.1.7.7 version it has some flaws because of the hooking functions where the BITBLT and other image manipulation functions were hooked. And using those flaws Screen recording software, Step recorder, Office Software were used to capture the screen.
Enhancement:
Now in the current improved version, if Hooking binary can hook into the dialog shown on the window the whenever the screen is captured the dialog/window will appear black. Given the below feature matrix where screen capture is block and where it is not.
Feature matrix table:
| Applications | HySecure Client Version | |
|---|---|---|
| <= 5.1.7.7 | >= 5.1.7.9 | |
| Snipping tool | Blocks everything | Blocks everything |
| PtrScr button | Blocks everything | Blocks everything |
| Step Recorder | Cannot block, Print Screen happens | Blocks protected windows Protected windows = such as “Notepad, Chrome, IE, Word, Excel, Wordpad, EDCLauncher, MSTSC” |
| Snip and Sketch Print | Screen happens | Blocks protected*windows |
| Word, Excel, PowerPoint | Cannot block | Blocks protected* windows |
| Any Video Recording Software | Cannot block every product, Print Screen happens | Blocks protected* windows |
ByPass Application from Screenshot blocking
If administrator want to by pass certain applications from blocking screen shots. Ie collaboration tools like “TEAMS.exe” then a tag mentioned above can be used to set bypass from screenshot blocking.
Configuration:
SCREENSHOTBLOCK_BYPASS_LIST=[BLANK]/iexplore.exe,teams.exe
Default is not present/Not available/blank in that case no application is bypassed.
|Verinfo Tag| Default | Values| remarks SCREENSHOTBLOCK_BYPASS_LIST Empty/blank/NA Max Limit = Unlimited Min Limit = 0 |Comma Separated binary names | Bypasslist Is not present
Unblock screen shot after logout
Administrators want to discontinue to block screenshots after the HySecure has terminated, then in this case the above should be used to unblock applications from taking screen shots of blocked application once HySecure client has logged out/terminated.
Configuration:
SCREENSHOTUNBLOCK=true/false
Default is not present/Not available/blank ie Blocking of screen shot will continue to run till the process is closed.
| # | SCREENSHOTUNBLOCK values | Behaviour |
|---|---|---|
| 1 | True | When user exists the HySecure the blocking of Application will be discontinued |
| 2 | False | |
| 3 | Not available |
Supported Version:
Version: 5.1.7.9