CrowdStrike Falcon for macOS

CrowdStrike Falcon® Endpoint Security for macOS with native M1, M2, and Intel support, simply and effectively stops breaches.

Why Falcon for macOS?

Better protection

Industry leading protection and response capabilities for macOS environments — nullify malware and sophisticated attacks — even when offline.

Unparalleled visibility

Continuous monitoring for in-depth insight and accelerated threat detection and response. Powerful visibility extends to threat intelligence and IT hygiene for ultimate analyst control.


Rapidly deploy comprehensive, cross platform capabilities without the need for signatures, fine-tuning or costly infrastructure. Protect and respond at scale through a single agent — simply and efficiently.

Technical features

Check out the specs and traits

Unmatched next-gen endpoint protection technologies

  • CrowdStrike Falcon® for macOS protects against a broad spectrum of attacks from commodity and zero-day malware, ransomware, and exploits to advanced malware-free and fileless attacks — stay ahead of the rapidly changing tactics, techniques and procedures (TTPs).
  • For ultimate protection, Falcon combines technologies such as machine learning for malware protection on and off sensor, indicator of attack (IOA) behavioral blocking, custom IOA blocking, mac script control, detect and quarantine on write, allowlisting and detections based on threat intelligence reputation.
  • Falcon Device Control for macOS gives analysts intuitive and granular control to defend against external USB devices, without any additional endpoint software installation or hardware to manage.
  • Falcon Firewall Management’s reduced complexity and simplified management enables effective protection against network threats, while reducing time spent on logging, troubleshooting, and compliance activities.
  • Falcon uniquely integrates powerful best-in-class prevention, detection and response with IT hygiene and extended visibility providing continuous breach prevention in a single, lightweight agent.
Unmatched EPP MacOs

Unrivaled visibility for accelerated threat detection and response

  • Falcon for macOS intelligently detects advanced threats and malicious activities automatically. Prioritized, context-rich alerts eliminate time-consuming research and manual searches
  • Continuous monitoring and visibility provide full details and raw events to enable proactive and managed threat hunting and forensic investigations
  • Powerful response capabilities enable analysts to directly connect to the target host, gather additional relevant files and details, establish network containment, and upload and launch files and/or remediation scripts to easily deliver full remediation at scale, remotely.
  • Integrated threat intelligence for macOS delivers the complete context of an attack, including attribution.
Unrivaled visibility macOS

Extended capabilities

  • Automated malware analysis for macOS with CrowdStrike Falcon® Intelligence is a force multiplier for analysts beyond what happened on the endpoint, revealing the "who, why and how" behind the attack. Sandbox analysis, malware search and threat intelligence provide valuable actor attribution, related malware details and maximum IOC extraction.
  • IT Hygiene with Falcon Discover provides detailed visibility over macOS applications, assets and user accounts giving analysts enriched visibility and response capabilities.
  • Falcon Forensics collects forensic data for robust and efficient analysis of cybersecurity incidents and rapid identification of relevant data through preset dashboards, accelerating compromise assessments and incident response.
  • Zero Trust Assessment provides enhanced visibility of the overall health of a Mac endpoint with a single metric along with recommendations to improve security posture. Metrics can be shared with CrowdStrike partners for real-time conditional access enforcement.
Extended capabilities macOS chart

Broad support

  • Native M1, M2, and Intel x86 support
  • A single Falcon agent covers all supported macOS versions including Ventura, Monterey and Big Sur
  • The Falcon agent simplifies upgrading to newer macOS versions by automatically reconfiguring itself to use the Apple system extension method for Big Sur and above
Broad support mac OS

Customers trust CrowdStrike