Falcon Endpoint Security for macOS

Falcon’s industry leading macOS endpoint security with native M1 and Intel support, simply and effectively stops breaches.
Start Free Trial


Next-generation endpoint protection for mac endpoints against malware and beyond

  • Better Protection

    Better Protection

    Industry leading protection and response capabilities for macOS environments — nullify malware and sophisticated attacks — even when offline.

  • Unparalleled Visibility to Stop Breaches

    Unparalleled Visibility to Stop Breaches

    Continuous monitoring for in-depth insight and accelerated threat detection and response. Powerful visibility extends to threat intelligence and IT hygiene for ultimate analyst control.

  • Simplicity


    Rapidly deploy comprehensive, cross platform capabilities without the need for signatures, fine-tuning or costly infrastructure. Protect and respond at scale through a single agent — simply and efficiently.

Technical Features

Check Out the Specs and Traits

 Unmatched Next-Gen Endpoint Protection Technologies

Unmatched Next-Gen Endpoint Protection Technologies

  • CrowdStrike Falcon for macOS protects against a broad spectrum of attacks from commodity and zero-day malware, ransomware, and exploits to advanced malware-free and fileless attacks — stay ahead of the rapidly changing tactics, techniques and procedures (TTPs).
  • For ultimate protection, Falcon combines technologies such as machine learning for malware protection on and off sensor, indicator of attack (IOA) behavioral blocking, custom IOA blocking, mac script control, allowlisting and detections based on threat intelligence reputation.
  • Falcon Device Control for macOS gives analysts intuitive and granular control to defend against external USB devices, without any additional endpoint software installation or hardware to manage.
  • Falcon Firewall Management’s reduced complexity and simplified management enables effective protection against network threats, while reducing time spent on logging, troubleshooting, and compliance activities.
  • Falcon uniquely integrates powerful best-in-class prevention, detection and response with IT hygiene and extended visibility providing continuous breach prevention in a single, lightweight agent.

macOS Data Sheet

Unrivaled Visibility for Accelerated Threat Detection and Response

Unrivaled Visibility for Accelerated Threat Detection and Response

  • Falcon for macOS intelligently detects advanced threats and malicious activities automatically. Prioritized, context-rich alerts eliminate time-consuming research and manual searches
  • Continuous monitoring and visibility provide full details and raw events to enable proactive and managed threat hunting and forensic investigations
  • Powerful response capabilities enable analysts to directly connect to the target host, gather additional relevant files and details, establish network containment, and upload and launch files and/or remediation scripts to easily deliver full remediation at scale, remotely.
  • Integrated threat intelligence for macOS delivers the complete context of an attack, including attribution.
Extended Capabilities

Extended Capabilities

  • Automated malware analysis for macOS with CROWDSTRIKE FALCON® INTELLIGENCE is a force multiplier for analysts beyond what happened on the endpoint, revealing the "who, why and how" behind the attack. Sandbox analysis, malware search and threat intelligence provide valuable actor attribution, related malware details and maximum IOC extraction.
  • IT Hygiene with Falcon Discover provides detailed visibility over macOS applications, assets and user accounts giving analysts enriched visibility and response capabilities.
  • Falcon Forensics collects forensic data for robust and efficient analysis of cybersecurity incidents and rapid identification of relevant data through preset dashboards, accelerating compromise assessments and incident response.
  • Zero Trust Assessment provides enhanced visibility of the overall health of a Mac endpoint with a single metric along with recommendations to improve security posture. Metrics can be shared with CrowdStrike partners for real-time conditional access enforcement.
Broad Support

Broad Support

  • Native M1 and Intel x86 support
  • A single Falcon agent covers all supported macOS versions including Big Sur, with system extensions and backward compatibility with Mojave and Catalina, where Falcon will use the older kext approach as necessary
  • The Falcon agent simplifies upgrading to newer macOS versions by automatically reconfigures itself to use the Apple system extension method for Big Sur and above
  • Falcon for macOS supports kernel extensions (kext) and system extensions, offering the same levels of visibility, detection and protection

Technical Center

For technical information on installation, policy configuration and more, please visit the CrowdStrike Tech Center.

  • Technical Center
  • Technical Center
  • Technical Center
Getting started with Next-Gen Antivirus

See How CrowdStrike Stacks Up Against the Competition

crowdstrike vs the competition icon

Product Validation

Customers Trust CrowdStrike