Skip Navigation

Using centroids

Cylance
uses the
Cylance
cloud, which collects threat data, trains and learns from that threat data, and calculates likely outcomes based on what it sees. This same collection of threat data is used by CylanceV as local models. Because these models are local, do not update frequently, and CylanceV does not connect to
Cylance
cloud, there may be times when users could benefit from adding new samples along with the local models. This can be done using centroids.
"Centroid" means "center of the group." A
Cylance
centroid is built and based on a representative sampling of the file the centroid is intended to impact. Based on the select grouping of file characteristics, centroids allow or block execution of that grouping. By using a grouping, files that fall within a tolerance range are considered part of the group.
With centroids enabled, CylanceV will check for new centroids on startup. New centroids will be downloaded and may cause a slight delay when CylanceV starts.
  1. Make sure you have the centroids.xml file. CylanceV can only use one centroids.xml file at a time. If you do not have the centroids.xml file, you can create an empty file and name it centroids.xml.
  2. Open the CylanceV.exe.config file using a text editor. The configuration file should be in the same folder as the CylanceV.exe file.
  3. Under CylanceVSettings, in the Analysis section, look for
    selectedCentroidFile=""
    .
  4. Add the absolute path to the centroids.xml file. For example, selectedCentroidFile="C:\CylanceV\centroids.xml".
  5. Save the configuration file.
  6. Run CylanceV. The centroid.xml file will be updated with the latest centroid information.