The trick is to add some JavaScript to an "onbeforeunload" handler which detects a click has taken place outside of the Pega real-estate, and then takes an appropriate action.  I've found this sample which should start you in the right direction.  It is probably a different harness to which you need to attach things, and the action might be slightly different,  but this should point you in the right direction....

Add a .js file to the PerformExternal harness rule that contains the following:

window.onbeforeunload = logoff_onbeforeunload;
function logoff_onbeforeunload() {
if (window.event.clientY < 0 && (window.event.clientX > (document.documentElement.clientWidth - 5) || window.event.clientX < 15)) {

var oXmlHttp = new ActiveXObject("Microsoft.XMLHTTP");
oXmlHttp.Open("POST", document.forms[0].action, false);
oXmlHttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
oXmlHttp.Send("pyActivity=Code-Security.EndSessionExternal&ReviewFormName=ConfirmExternal");

}
}

Very IMPORTANT - The URL has to be that of the document.forms[0].action and CAN NOT be used with safeURL as it will convert some fo the data. This also has to be a POST request with pyActivity specified in the POST body.

The Activity Code-Security.EndSessionExternal is a copy of Code-Security.EndSession but the first step is changed from Show-HTML to Show-Property. The Show-Property step simply returns "GOOD".