Using centroids to group file characteristics Skip Navigation

Using centroids to group file characteristics

Cloud Services use
CylanceINFINITY
, which collects threat data, trains and learns from that threat data, and calculates likely outcomes based on what it sees. This same collection of threat data is used by
CylanceV
as local models. Because these models are local, do not update frequently, and
CylanceV
does not connect to
CylanceINFINITY
, there may be times when users could benefit from adding new samples along with the local models. This can be done using centroids.
"Centroid" means "center of the group." A centroid is built and based on a representative sampling of the file the centroid is intended to impact. Based on the select grouping of file characteristics, centroids allow or block execution of that grouping. By using a grouping, files that fall within a tolerance range are considered part of the group.
With centroids enabled,
CylanceV
will check for new centroids on startup. New centroids will be downloaded and may cause a slight delay when
CylanceV
starts.
  1. Make sure you have the centroids.xml file.
    CylanceV
    can only use one centroids.xml file at a time. If you do not have the centroids.xml file, you can create an empty file and name it centroids.xml.
  2. Open the CylanceV.exe.config file using a text editor. The configuration file should be in the same folder as the CylanceV.exe file.
  3. Under CylanceVSettings, in the Analysis section, look for
    selectedCentroidFile=""
    .
  4. Add the absolute path to the centroids.xml file. For example, selectedCentroidFile="C:\CylanceV\centroids.xml".
  5. Save the configuration file.
  6. Run
    CylanceV
    . The centroid.xml file will be updated with the latest centroid information.