Automatic security capture: documenting unauthorized access
When someone tries to access your computer without authorization, you need more than protection. You need evidence. Avalw Shield's automatic security capture silently documents every unauthorized access attempt, giving you a clear record of who tried to use your device and when.
Why security screenshots matter
Locking your screen prevents unauthorized access. But locking alone does not tell you that someone tried. Without documentation, you have no way of knowing whether your computer was approached while you were away, whether someone sat down and attempted to log in, or whether a colleague was casually browsing your desk.
Security screenshots close this gap. They create an automatic, timestamped visual record of access attempts. This record serves two purposes: it deters future attempts (people behave differently when they know they are being documented), and it provides evidence if an incident needs to be investigated.
How automatic capture works
Shield monitors your computer's camera continuously. When specific security events occur, Shield captures a photograph from the camera along with metadata about the event. This happens silently, without any visible flash, shutter sound, or on-screen notification that could alert the person being photographed.
Trigger: Unknown face at lock screen
Someone sits at your locked computer
When Shield detects a face at the lock screen that does not match the enrolled user, it captures a security screenshot. This documents who approached the computer while the owner was away. The capture occurs within one second of face detection.
Trigger: Wrong password attempts
Someone tries to guess your password
If someone enters an incorrect password while Shield is active, the system captures a screenshot on each failed attempt. Combined with the face capture, this creates a comprehensive record showing both who attempted access and how many times they tried.
Trigger: Prolonged blur sessions
Someone persistently tries to view your screen
When the shoulder surfing blur remains active for an extended period, indicating that someone is persistently trying to view the screen, Shield captures a security screenshot. This documents cases where someone stands behind you for an unusually long time, even if they never touch the keyboard.
What screenshots contain
Each security capture includes multiple pieces of information that together create a complete record of the event.
- Timestamp. The exact date and time of the event, accurate to the second.
- Camera image. A photograph from the computer's camera showing who triggered the event.
- Event context. The type of trigger that caused the capture: unknown face, failed password, or prolonged blur. This helps you quickly understand what happened without reviewing every image.
Storage and retention
Encrypted local storage
All security screenshots are stored locally on your computer in an encrypted format. They are not uploaded to any cloud service, not transmitted over the network, and not accessible to any application other than Shield. The encryption key is derived from your local system credentials, meaning the screenshots can only be viewed on your computer while you are logged in.
Chronological organization
Screenshots are organized chronologically, with the most recent events appearing first. Each entry shows the timestamp, event type, and a thumbnail of the captured image. You can quickly scan through recent events to identify anything unusual.
90-day retention
By default, Shield retains security screenshots for 90 days. After 90 days, screenshots are automatically and permanently deleted. This retention period balances the need for a reasonable investigation window with responsible data management. You can adjust the retention period in settings.
Storage impact
Security screenshots are compressed and typically occupy 50-150 KB each. Even with frequent triggers, the total storage impact rarely exceeds a few hundred megabytes over the full 90-day retention period.
Accessing your captures
The security gallery
Shield includes a dedicated security gallery accessible from the main dashboard. The gallery displays all captured screenshots in reverse chronological order. Each entry shows the date, time, event type, and a thumbnail preview.
Filtering
You can filter the gallery by event type (unknown face, failed password, prolonged blur), by date range, or by a combination of both. This makes it easy to investigate a specific incident or review all events of a particular type.
Real scenarios
The curious colleague
Discovering who visited your desk
You return from lunch to find your mouse has been moved slightly. Nothing seems wrong, but something feels off. You open Shield's security gallery and find three captures: a colleague sat at your desk at 12:47, looked at the lock screen, and left after 30 seconds. No password attempts. Now you know.
The access attempt
Documenting a deliberate intrusion attempt
Shield's gallery shows five captures over a 10-minute period: an unknown person sat at your desk, attempted your password three times, waited, tried twice more, and left. Each attempt is documented with a clear face image and timestamp. You now have actionable evidence for your security team.
Privacy considerations
Automatic security capture raises legitimate privacy questions. Shield addresses these through several design principles.
- Owner-only access. Only the enrolled user can view captured screenshots. There is no admin access, no remote viewing, and no way for IT departments to access the gallery without the user's participation.
- Local-only storage. Screenshots never leave the device. There is no cloud backup, no sync, and no network transmission.
- Automatic deletion. The 90-day retention policy ensures that old captures are permanently removed without manual intervention.
- Transparent operation. Shield's settings clearly show when security capture is enabled, what triggers it, and where captures are stored.
Security capture exists to protect you, not to surveil others. The data belongs to you, stays on your device, and is automatically cleaned up. You are in complete control.
Configuration options
You can customize security capture behavior from Shield's settings panel.
- Enable or disable each trigger type independently. You might want captures for failed passwords but not for prolonged blur events.
- Adjust retention period from 30 to 180 days depending on your needs.
- Set capture quality to balance image clarity with storage space.
- Enable notifications to be alerted when a new capture occurs, or keep captures completely silent.