Detection · Remote-control sessions

Detect remote-control sessions in remote interviews.

AnyDesk, TeamViewer, Chrome Remote Desktop — tools that let someone else view or drive the candidate's machine, feeding answers or taking over the hard parts. Capifiq surfaces an active remote-control session on the interview timeline and seals it as evidence, even when the software is renamed or brand new.

The threat

Someone else, driving the interview.

A remote-control session lets a second person see the candidate's screen and, often, control it directly. During an interview that means an expert can read the questions, type the answers, or quietly take over whenever the candidate gets stuck — while the person on camera simply narrates.

It is one of the oldest forms of interview fraud, and modern remote-desktop tools make it effortless and, to a casual observer, invisible.

Tools in this category

  • AnyDesk — fast, quiet remote desktop
  • TeamViewer — widely used remote access
  • Chrome Remote Desktop — browser-based control
  • RustDesk and other open-source clients
  • Remote-desktop protocols generally
  • …and the next client shipped tomorrow

The blind spot

Why the interviewer can't tell.

Remote control is built to be seamless, and remote-desktop software is everywhere and legitimate.

Invisible on camera

The helper is on another machine entirely. The webcam shows a calm, capable candidate answering smoothly.

Looks like normal software

Remote-desktop tools are legitimate and common, so their mere presence can't tell interview abuse from routine IT support.

Renamed or brand new

A signature scanner only knows catalogued clients. A renamed build or a new tool simply isn't on the list yet.

What Capifiq surfaces

  • An active remote-access session during the interview
  • The connection state and session timing
  • Coverage that isn't limited to named clients
  • Cryptographically hashed, sealed evidence for review

The coverage

Caught by the session, not the brand.

Capifiq surfaces that a remote-control session is active during the interview, regardless of which client is used or what it is called.

The finding lands on the timeline in real time and is sealed as deterministic evidence for the interviewer to weigh — not a probability score.

The full picture

On-device is only half of it.

Capifiq detects any unauthorized assistance running on the candidate's device — this is one of the common vectors, not a fixed list. And for help that never touches the device, interviewing methodology deters what no software can see.

Questions

Common questions.

Does Capifiq detect AnyDesk or TeamViewer?
Yes — and it is not limited to named clients. Capifiq surfaces an active remote-control session even when the tool is renamed, open-source, or brand new.
What if the outside person only watches, and doesn't type?
Coverage focuses on the presence of the session itself. Whether the outside party watches or drives, the active session is the finding.
Isn't remote-desktop software legitimate?
Yes — which is exactly why a denylist alone can't judge it. Capifiq surfaces that a session is active during a monitored interview as a factual, timestamped event, and a human decides what it means.
What about a brand-new remote tool?
Coverage does not depend on the tool being catalogued first, so a new client is in scope from day one.

Get started

Catch the hand you can't see on the keyboard.

Run Capifiq alongside the Zoom, Teams, or Meet calls you already do, and see what it surfaces.