Employees of a modern organization often have access to files including information concerning various significant business aspects of the organization. This information may include data on customers (or patients), contracts, deliveries, supplies, employees, manufacturing, or the like. To protect such data, most organizations employ security systems that provide data loss prevention. Conventional security techniques typically scan textual data as it is leaving an endpoint system, and perform predetermined actions based on data loss prevention (DLP) policies to prevent loss of sensitive information. However, conventional security systems are not capable of determining whether or not confidential data is being displayed on an endpoint device. Moreover, conventional security systems are incapable of blocking a print screen operation when confidential data is displayed. Instead, conventional security systems simply block all print screen operations if a specific application is running, regardless of whether or not confidential information is displayed. This can unnecessarily inconvenience users who wish to take a screen shot when there is no confidential information shown.