Screen capture blocking

Learn how to block screenshots, screen recording, or screen sharing applications.

Information in this article applies to Safetica ONE 10 or older.

In this article, you will learn:

How it works

Screen capture blocking only blocks the part of screen which contains sensitive data. This way, you can still take screenshots of application windows without sensitive content or share a non-sensitive part of your screen in a video chat.


Screen capture blocking does not depend on user action detection, which means there is nothing to be logged.

Safetica does not provide logs about screen capture operations, and user notifications about screen capture blocking only appear when a DLP policy is applied - when an application is launched or when it opens protected data.




How to enable screen capture blocking on Windows 7

On Windows 7, screen capture blocking requires Desktop Window Manager (DWM.exe) to be running. On newer operating system, the feature works without limitations.

To check if Desktop Window Manager is running correctly on all your endpoints, go to Maintenance → Endpoint overview. Problems with DWM.exe will be reported in the Missing SW column.

To force DWM to run on Windows 7 endpoints:

  1. Obtain an aero.msstyles file from a Windows 7 machine running DWM. You should be able to locate it in C:\windows\resources\themes\aero\
  2. Store the file in a network location, e.g. \\server\share\aero.msstyles
  3. In Group Policy Management Editor go to User Configuration\Administrative Templates\Control Panel\Personalization
  4. Set Force a specific visual style file or force Windows Classic to Enabled and set your network path to the aero.msstyle file.
  5. Set Prevent changing theme to Enabled.
  6. In Group Policy Management Editor go to User configuration\Preferences\Windows settings\Registry
  7. Add a new Registry Item:
    Action: Update
    Key Path: \Software\Microsoft\Windows\DWM
    Value name: Composition
    Value type: REG_DWORD
    Value data: 1 (decimal)

These steps will force DWM to run after the endpoints are restarted and the users log in. In case a user used the Windows 7 Basic theme, two restarts might be required.