There is supposed to be new protection that allows foregound programs that the user is using to keylog and screen capture.
Can see how this applies to keylogging, not sure re screencapture and Egemen was less explicit about that. Maybe if the prog is invoked from explorer by the user it can grab, if not, or if invoked from startup key, it cannot.
I just ran SpyShelter’s test http://www.spyshelter.com/download/AntiTest.zip and it was able to take screenshots. Privatefirewall for example warns me and allows me to block the screen capture, but CIS allows it even with HIPS set to Paranoid and the application partially sandboxed as Untrusted.
I wasn’t able to test the application in the background, but like the example given in this topic I think allowing screen capture for any foreground application is a security concern.