Using centroids to group file characteristics

Cloud Services use
, which collects threat data, trains and learns from that threat data, and calculates likely outcomes based on what it sees. This same collection of threat data is used by
as local models. Because these models are local, do not update frequently, and
does not connect to
, there may be times when users could benefit from adding new samples along with the local models. This can be done using centroids.
"Centroid" means "center of the group." A centroid is built from a representative sampling of the files it is intended to affect. Each centroid describes a select grouping of file characteristics and allows or blocks execution of that grouping. Because it works on a grouping, any file whose characteristics fall within a tolerance range is considered part of the group.
With centroids enabled,
will check for new centroids on startup. New centroids will be downloaded and may cause a slight delay when
  1. Make sure you have the centroids.xml file.
    can only use one centroids.xml file at a time. If you do not have the centroids.xml file, you can create an empty file and name it centroids.xml.
  2. Open the CylanceV.exe.config file using a text editor. The configuration file should be in the same folder as the CylanceV.exe file.
  3. Under CylanceVSettings, in the Analysis section, look for
  4. Add the absolute path to the centroids.xml file. For example, selectedCentroidFile="C:\CylanceV\centroids.xml".
  5. Save the configuration file.
  6. Run
    . The centroids.xml file will be updated with the latest centroid information.
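
The configuration steps above, scripted in PowerShell as an added example (not vendor code). It assumes the install folder from the page's example path and that the Analysis section is an XML element under CylanceVSettings that takes selectedCentroidFile as an attribute; check both against your own CylanceV.exe.config before running it.

```powershell
# Added example: automates steps 1-5 of the procedure.
# Assumptions: install folder C:\CylanceV (from the page's example path) and an
# <Analysis> element under <CylanceVSettings> that carries selectedCentroidFile.
$ErrorActionPreference = 'Stop'

$installDir   = 'C:\CylanceV'
$configPath   = Join-Path $installDir 'CylanceV.exe.config'
$centroidPath = Join-Path $installDir 'centroids.xml'

# Step 1: make sure centroids.xml exists; an empty file is acceptable.
if (-not (Test-Path -LiteralPath $centroidPath)) {
    New-Item -ItemType File -Path $centroidPath | Out-Null
}

# Step 2: open the configuration file, keeping a backup copy first.
Copy-Item -LiteralPath $configPath -Destination "$configPath.bak" -Force
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true          # keep the file's layout and comments
$xml.Load($configPath)

# Step 3: find the Analysis section under CylanceVSettings.
$analysis = $xml.SelectSingleNode('//CylanceVSettings//Analysis')
if ($null -eq $analysis) {
    throw "No Analysis section found under CylanceVSettings in $configPath"
}

# Step 4: write the absolute path to centroids.xml.
$absolute = (Resolve-Path -LiteralPath $centroidPath).ProviderPath
$analysis.SetAttribute('selectedCentroidFile', $absolute)

# Step 5: save the configuration file.
$xml.Save($configPath)

# Check: centroids decide whether groups of files are allowed or blocked, so
# review who can write to the file that now drives those decisions.
(Get-Acl -LiteralPath $centroidPath).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```

If the script throws on step 3, the configuration layout differs from the assumption; restore nothing (the file is untouched at that point) and edit the attribute by hand as described in the steps.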