Best answer by JoeJ
I suggest not configuring system applications like explorer.exe as protected applications - it will definitely cause odd system behavior as it will prevent other components of the system from communicating with Explorer. There is a considerable amount of logic in place to allow legitimate screen capturing but block malicious use of screen data. I've tested it here on Windows 7 x64 and XP 32bit right now and it is working properly, so I suspect the testing tools are not simulating malware accurately.
Control keys like capslock, backspace, shift, etc. will be allowed through as if they are blocked, the OS loses context. As for random keystrokes coming through, this could be due to if the foreground window loses focus or isn't being actively typed into.
In any event, screen grabbers and keyloggers are almost irrelevant these days when it comes to real malware. Threats are using much more advanced techniques which is what WSA focuses on protecting: man in the browser attacks, memory injection, system call hooking, and a myriad of other approaches. They tend to not use the obvious ones like screen capture/keylogging because they generate too much data and are too easy to detect as malicious behaviors. WSA excels at blocking the most advanced techniques and has been doing so for years without any threats bypassing it.