Detection · Virtual machines
Detect virtual machines in remote interviews.
VMware, VirtualBox, and emulators let a candidate run the interview in one environment while unauthorized tools, notes, or a second workspace run outside it. Capifiq surfaces a virtualized interview environment and seals it as evidence for the interviewer to review.
The threat
One screen for you, another for them.
A virtual machine runs a whole second computer inside the real one. A candidate can join the interview from inside a clean, empty VM — while their actual desktop, with AI tools, notes, or a coding assistant, runs outside it, invisible to anything watching the VM.
It is a deliberate way to isolate the interview from where the cheating actually happens.
Environments in this category
- VMware — desktop and workstation VMs
- VirtualBox — free, widely used
- Hyper-V and built-in virtualization
- QEMU and emulators
- Cloud desktops and hosted VMs
- …and new virtualization tools
The blind spot
Why watching the VM isn't enough.
The interview environment is engineered to look clean, and virtualization is legitimate, everyday technology.
Clean by design
The interview runs in a fresh VM with nothing to find. The real tools live outside it, on the host.
Invisible from inside
Software running inside the VM can't see the host desktop where the actual activity happens.
Legitimate technology
Virtualization is standard and legitimate, so its presence alone isn't proof — and a denylist can't judge intent.
What Capifiq surfaces
- Indicators of a virtualized operating environment
- An unexpected device or system profile
- Coverage independent of the specific virtualization tool
- Cryptographically hashed, sealed evidence for review
The coverage
Caught by the environment, not the contents.
Capifiq surfaces indicators that the interview is running inside a virtualized environment, before assuming anything about what runs outside it.
The finding is timestamped and sealed as deterministic evidence for the interviewer to weigh.
The full picture
On-device is only half of it.
Capifiq detects any unauthorized assistance running on the candidate's device — this is one of the common vectors, not a fixed list. And for help that never touches the device, interviewing methodology deters what no software can see.
Hidden AI assistants
Desktop and web tools that feed answers on a hidden overlay.
Remote-control sessions
Another person viewing or driving the candidate's machine.
Virtual cameras & deepfakes
A substituted or manipulated webcam feed.
Browser-based assistants
Extensions and web apps that generate answers.
Display tampering
Overlays and extra displays hiding content.
Off-device cheating
Deterred with interviewing methodology — the second pillar.
Questions
Common questions.
Does running in a VM automatically mean cheating?
Which virtualization tools does it cover?
Can it see what's running outside the VM?
What about a brand-new hypervisor?
Get started
See the second computer hiding the first.
Run Capifiq alongside the Zoom, Teams, or Meet calls you already do, and see what it surfaces.