How to Install Falcon Antivirus (AV) on the Mac Platform

Introduction

This video illustrates Falcon’s ability to protect against multiple threats on the Mac with low impact.

Video


Read Video Transcript

Prerequisites

System Dependencies

Installing the CrowdStrike Falcon Sensor requires elevated privileges. The Falcon Mac Sensor is supported for use on the following OS versions:

  • macOS High Sierra 10.13 (Supported for v3.6 (build 5703) and later)
  • macOS Sierra 10.12
  • OS X El Capitan 10.11

Browser Dependencies

CrowdStrike currently supports the Google Chrome browser for use with the Falcon UI. We support the current release of Chrome as well as the prior two major versions. Other browsers may work, but we do not support other browsers at this time.

Installing the Falcon Sensor for Mac

  1. Download the sensor installer from Hosts > Sensor Downloads. Use the Chrome browser.
  2. Copy your Customer ID Checksum (CID) from Hosts > Sensor Downloads.
  3. Run the sensor installer on your device in one of these ways:
    • Double-click the .pkg file.
    • Run this command at a terminal, replacing <installer .pkg> with the path and file name of your installer package.sudo installer -verboseR -package <installer .pkg> -target /
  4. When prompted, enter administrative credentials for the installer.

    macOS 10.13 High Sierra: When you install the Falcon sensor, follow the OS prompts to approve installation of a kernel extension. This authorization is not required when installing via a desktop management tool, such as JAMF.

  5. Run falconctl, installed with the Falcon sensor, to provide your customer ID checksum (CID).
    • This command is slightly different if you’re installing with password protection (see documentation).
    • In this example, replace 0123456789ABCDEFGHIJKLMNOPQRSTUV-WX with your CID.

    sudo /Library/CS/falconctl license 0123456789ABCDEFGHIJKLMNOPQRSTUV-WX

After installation, the sensor runs silently. To confirm that the sensor is running, run this command at a terminal:

sysctl cs

The output shows a list of details about the sensor, including its agent ID (AID), version, customer ID, and more.

More resources

CrowdStrike Falcon Free Trial
 

Try CrowdStrike Free for 15 Days Get Started with A Free Trial