Our website uses cookies to enhance your browsing experience.



In this section, you will download the Falcon sensor and install it on your first Mac system. Installing Falcon Prevent is much easier than installing legacy antivirus solutions. First, it is important to recognize that you do not need to set up a management console. Falcon Prevent is cloud delivered, so the backend infrastructure is already up and running. You will never have to worry about speed or scale. The installer is small, so it downloads faster and is easier to deploy. The installation is invisible to the end user, and in detect only mode can coexist with other endpoint security solutions. It does not even require a reboot.

We recommend doing this test scenario on your personal laptop or desktop. There is no malware used in this scenario, but we will begin in a full prevention mode. With that, you will want to first uninstall your existing AV solution. Later, we will review how using detect-only mode allows for coexistence and easy deployment transitions.

Step-by-Step Instructions

1. Download and install the Falcon sensor

This section will walk you through your first sensor download and install. Because CrowdStrike Falcon is 100% cloud delivered, there is no need to setup any infrastructure. All you have to do is install the small sensor and you can immediately generate your first detection.

a. Right after your login you can click on "Download Sensor" to be taken to the Hosts > Sensor Downloads page.

Click the Download button for macOS.

Then copy the Customer ID checksum (you’ll need this during the install).

b. Run the sensor installer on your device in one of these ways:

  • Double-click the .pkg file.
  • or
  • Run this command at a terminal, replacing with the path and file name of your installer package. sudo installer -verboseR -package -target /

c. When prompted, enter administrative credentials for the installer.

"macOS 10.13 High Sierra: When you install the Falcon sensor, follow the OS prompts to approve installation of a kernel extension. This authorization is not required when installing via a desktop management tool, such as JAMF."

d. Use the command below to run falconctl, installed with the Falcon sensor, and provide your customer ID checksum (CID). In this example, replace 0123456789ABCDEFGHIJKLMNOPQRSTUV-WX with your CID.

sudo /Library/CS/falconctl license 0123456789ABCDEFGHIJKLMNOPQRSTUV-WX

After installation, the sensor runs silently.

Note: If you run into any issues during the sensor install, please contact us at falcontrial@crowdstrike.com

2. Confirm that the sensor is running

Run this command at a terminal:

sysctl cs

The output shows a list of details about the sensor, including its agent ID (AID), version, customer ID, and more.

3. Verify sensor visibility in the cloud

In the Falcon UI go to Hosts > Host Management and verify that you see your hostname listed. The "Prevention Policy" column should show "platform_default" as the assigned policy. In some cases, it might take a few minutes before you see your host fully registered.

4. Generate your first detection

To see an example of what a detection alert looks like in Falcon Prevent, we will run a harmless test command on your computer:

a. Open a terminal

b. Type or copy and paste this command:

/bin/echo crowdstrike_sample_detection

c. Switch back to the Falcon UI and go to Activity > Detections to inspect the new alert.

You are done!
Congratulations, you now have your first fully functional Falcon Prevent installation up and running. You have verified that Falcon Prevent is active on the system and seen a prevention from both the client and UI perspective.


In this section, you downloaded and installed Falcon Prevent. Did you notice that the sensor was small, took very little time to download, and didn't require a reboot? This is because CrowdStrike's unique architecture allows us to provide all the functionality of a traditional antivirus solution while consuming a fraction of the system resources.

In the next section, we will focus on illustrating Falcon Prevent's effectiveness against all kinds of different threats.

Use Case: Getting Started

Use Case: Efficacy