Use of centroids in the Aurora Engine

Centroids are used to adjust the classification of a group of files by Endpoint Defense AI between updates to the Aurora Engine. Centroids are produced whenever an adjustment is deemed necessary.

The Aurora Engine can read updated centroids in one of two ways. The first method is to read a file stored in a local file location; the Aurora Engine periodically checks this location to see if the file has been updated. These centroids must be downloaded manually as described in the Appendix: Endpoint Defense Infinity Data Service. Centroids downloaded manually include all released centroids for that model.

The second method is to retrieve automatically only the centroids that the Aurora Engine does not already have, whether they shipped with the Aurora Engine or were downloaded later, based on a manifest that contains a list of centroids for each of the models. Retrieving the manifest is a lightweight operation. The Aurora Engine then uses the manifest to download any centroids that it does not already have. The set of centroids downloaded in this manner may not match those retrieved via the Infinity Public Data API for distribution-efficiency reasons. For more information, see the ManifestCentroidUpdate section in Configuration file for the Aurora Engine.

Note: On Mono, the Amazon Root CA 1 certificate might not be installed automatically. This certificate is required to retrieve the manifest-based centroids. You can download the certificate from https://www.amazontrust.com/repository/AmazonRootCA1.pem and import it into the Mono certificate store using the cert-sync utility that ships with Mono.
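Because this step adds a root certificate to a trust store, it is worth confirming that the downloaded file is the expected certificate before importing it. The following is an added example, not part of the product documentation: the function names, the `CERT_SYNC` override variable, and the idea of pinning a SHA-256 fingerprint obtained out of band are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: check a downloaded root CA against a pinned SHA-256
# fingerprint before importing it into the Mono certificate store.

# Import command; overridable so the check can be exercised on a host
# without Mono (an assumption of this example, not a Mono feature).
CERT_SYNC="${CERT_SYNC:-cert-sync}"

# Print the lowercase hex SHA-256 of the DER bytes in a one-certificate PEM file.
pem_sha256() {
    # Drop the BEGIN/END armor lines, decode the base64 body, hash the bytes.
    grep -v '^-----' "$1" | tr -d '\r' | base64 -d | sha256sum | cut -d' ' -f1
}

# Accept "AA:BB:..." or plain hex and return lowercase hex without separators.
normalize_fp() {
    printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'
}

# import_pinned_ca <pem-file> <expected-sha256>
# Returns 0 only if the fingerprint matches and the import command succeeds.
import_pinned_ca() {
    pem=$1
    expected=$(normalize_fp "$2")
    case $expected in
        ''|*[!0-9a-f]*) echo "pin is not hexadecimal" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pin is not a SHA-256 value" >&2; return 2; }
    # A bundle with extra certificates would add more roots than intended.
    [ "$(grep -c '^-----BEGIN CERTIFICATE-----' "$pem")" -eq 1 ] || {
        echo "expected exactly one certificate in $pem" >&2; return 3; }
    actual=$(pem_sha256 "$pem")
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: got $actual" >&2
        return 1
    fi
    "$CERT_SYNC" "$pem"
}

# Usage (fingerprint taken from a source you trust, not from the download itself):
#   curl -fsSO https://www.amazontrust.com/repository/AmazonRootCA1.pem
#   import_pinned_ca AmazonRootCA1.pem "<published SHA-256 fingerprint>"
```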