Setup
Download and Install Vexifa Cyber Secure
Install Vexifa Cyber Secure from the Windows Store. Once installed, launch the app — it will request administrator privileges to install the background sidecar service.
- Windows 10 (version 1903+) or Windows 11 required
- Minimum 4 GB RAM; 8 GB recommended for real-time process monitoring
- 500 MB free disk space for the CVE database cache
- Internet access required for the initial CVE database sync (then works offline)
The sidecar background service starts automatically after installation and begins monitoring in the system tray immediately. You don't need to keep the main window open.
Configure Your AI Provider
Open Settings → AI Provider to connect the model that powers the AI Security Advisor. Choose the option that best fits your setup:
Option A — Local Ollama (Free, Fully Offline)
Install Ollama and pull a model (recommended: phi3:medium or llama3). No API key needed — all inference runs on your hardware.
Option B — Cloud API (Faster, Better Reasoning)
Paste an API key for your preferred provider:
- Anthropic Claude — best threat explanation quality; key starts with
sk-ant-api03- - OpenAI — GPT-4o or GPT-4o-mini; key starts with
sk-proj- - Google Gemini — fast and affordable; key starts with
AIza - OpenRouter — single key to access 100+ models; key starts with
sk-or-v1-
When using a cloud provider, Vexifa Cyber Secure sends your questions and relevant machine context (CVE results, threat details, open port data) to the AI API. No raw process dumps, passwords, or file contents are ever sent.
First Scan
Run Your First Attack Surface Scan
Navigate to the Dashboard and click Scan Now. The full attack surface scan takes 30–90 seconds depending on how many applications and processes are running.
The scan covers:
- Installed software inventory (cross-referenced against the CVE database)
- All open network ports with process ownership and risk classification
- Active network connections with destination IP reputation checks
- Running process tree with parent–child relationships and memory footprint
- Saved credentials health check (strength and reuse detection)
The risk score in the top-left of the Dashboard is a 0–100 composite score. A score above 60 indicates high-priority items requiring immediate attention. First-run scores above 40 are normal for unaudited Windows machines.
Review the CVE Report
The CVE panel on the Dashboard lists every installed application with a known vulnerability. Each row shows:
- Application name and installed version
- CVE ID(s) affecting that version
- CVSS score (0–10 severity rating)
- Brief description of the vulnerability
- Link to the NVD advisory with patch information
Sort by CVSS score descending to prioritize the highest-risk vulnerabilities first. Applications with scores of 9.0+ should be patched or uninstalled immediately.
Ask the AI Advisor: "Which CVE on my machine is the most urgent to fix and what's my actual risk?" — it will read your CVE panel and give you a prioritized action plan.
Response
Triage the Threat Log
Navigate to Threat Log to see all active threats flagged by the 7 monitoring sources. Active threats are shown at the top; dismissed threats are archived below.
For each threat you can:
- Dismiss — mark as a known false positive and archive it
- Quarantine — isolate the associated process from the system
- Ask AI — get a plain-English explanation of what the threat is and what to do
Don't dismiss threats you don't recognize. Use the AI Advisor first — some process names that look legitimate (like svchost.exe) can indicate injection when flagged by the behavioral detector.
Work Through the Hardening Checklist
Navigate to Hardening to see your hardening score and the full checklist organized by category. Each uncompleted action shows a description and an Apply button.
Recommended starting order:
- Complete all Critical severity actions first (usually 3–5 items)
- Work through High severity actions in the Network and Authentication categories
- Address remaining Medium items at your own pace
Vexifa Cyber Secure executes each hardening action for you — you don't need to open regedit, run PowerShell, or modify Group Policy manually. Click Apply and the change is made immediately.
Enable Continuous Background Monitoring
The Vexifa Cyber Secure sidecar process runs in the background continuously and monitors your machine even when the main window is closed. Confirm it's active:
- Look for the Vexifa Cyber Secure icon in the Windows system tray (bottom-right taskbar)
- Right-click the tray icon → Status to confirm all monitors are active
The sidecar fires real-time alerts to the Threat Log for:
- New suspicious processes appearing in the process tree
- Anomalous outbound connections to known malicious IPs
- New CVEs published for your installed software (daily database sync)
- Filesystem changes in protected directories
Re-run the full attack surface scan weekly, or after installing new software. The sidecar catches real-time events but the full scan gives you the complete picture at a point in time.
You're set up and protected
Your attack surface is mapped, your CVEs are prioritized, and your machine is being monitored in real time. Keep the hardening score climbing to reduce your exposure over time.