Administration Guide

Installing a FortiEDR Collector on macOS


The procedure below includes how to allow the following when a FortiEDR Collector is first installed:

  • System Extensions
  • Network Extensions
  • Full Disk Access

IMPORTANT: Failure to add these permissions will result in incomplete protection.

Deployment can also be managed using an MDM, such as Jamf.

To install a FortiEDR Collector on macOS Big Sur (version 11) or above:
  1. It is recommended to get a pre-populated customized Collector installer for macOS, as described in Requesting and obtaining a Collector installer.
  2. Double-click the *.dmg file named FortiEDRCollectorInstallerOSX_<version>.dmg.
  3. Click Continue.

  4. Click Install.

  5. Enter the Mac password at the prompt and click Install Software.

  6. If a non-customized installer is used, in the Collector Configuration page, specify the Aggregator's address and the FortiEDR registration password. Optionally, you can select a destination Organization and Collector Group and/or installation using a system proxy.

  7. Click Apply to start the installation process.
  8. Perform the following during installation:
    1. (macOS v13.0 or above): Allow the installer to access files as shown below.

    2. Enable Network and System Extensions, shown below:

      macOS v13.0 or above:

      1. Open Privacy & Security Preferences and scroll down to the Security section:

      2. Under Some system software requires your attention before it can be used, click Details.
      3. Enter the Mac password at the prompt.
      4. Toggle on both toggles in order to allow FortiEDR to use Network and System Extensions and click OK.

      macOS v11 or v12:

      1. Open Security Preferences.
      2. Click the lock at the bottom of the window in order to make changes.
      3. In the General tab, click Details.
      4. Mark both checkboxes to allow FortiEDR to use Network and System Extensions. Click OK.

    3. Enable Full Disk Access by performing the following:

      macOS v13.0 or above:

      1. Open Full Disk Access in Security Preferences.
      2. Toggle on the two FortiEDR-related options to authorize full disk access for FortiEDR, as shown below.

      macOS v11 or v12:

      1. Open Security Preferences.
      2. Click the lock at the bottom of the window in order to make changes.
      3. In the Privacy tab, select Full Disk Access from the left pane.
      4. Select the checkboxes of both the FortiEDRCollector and the FortiEDR_EndPoint applications:
      5. If a FortiEDR application is not displayed on this page, click the + button.
      6. Click Applications, select FortiEDR and then click Open.

  9. In the popup window, click Later.

  10. Click Allow.

  11. Click OK.

  12. Click Close to complete the process.

  13. When prompted to allow FORTIEDRTRAY notifications, click Allow.

  14. Reboot the device.
  15. You can run the following command to check the status of the Collector:
    /Applications/FortiEDR.app/fortiedr_collector.sh status
  16. If another AV product is also installed on the machine, set up exclusions by following the instructions in Setting up exclusions with other AV products.
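
Step 8 is the part that most often gets skipped, and an unapproved extension is what the IMPORTANT note above warns about. The following post-install check is an added example, not part of the Fortinet guide: it parses `systemextensionsctl list` output and flags any FortiEDR extension not in the `activated enabled` state. It assumes the FortiEDR rows contain the string "FortiEDR"; the team ID and bundle IDs in the sample are constructed placeholders, and Full Disk Access is not checked.

```shell
#!/bin/sh
# Added example: flag system/network extensions that are not yet approved.
# Assumption: FortiEDR rows in `systemextensionsctl list` contain "FortiEDR".

# check_extensions FILTER   (stdin: output of `systemextensionsctl list`)
# returns 0 = every matching extension is "activated enabled",
#         1 = at least one is in another state, 2 = no matching extension.
check_extensions() {
  found=0
  bad=0
  while IFS= read -r line; do
    case "$line" in
      enabled*|---*) continue ;;     # column header / category lines
      *'['*']'*) ;;                  # extension rows end with "[state]"
      *) continue ;;
    esac
    printf '%s\n' "$line" | grep -qi -- "$1" || continue
    found=$((found + 1))
    state=${line##*\[}               # text after the last "["
    state=${state%%\]*}              # ...up to the closing "]"
    if [ "$state" = "activated enabled" ]; then
      echo "OK      $state"
    else
      echo "ACTION  $state (repeat the Network and System Extensions step)"
      bad=$((bad + 1))
    fi
  done
  [ "$found" -gt 0 ] || return 2
  [ "$bad" -eq 0 ]
}

# Constructed sample output; team ID and bundle IDs are placeholders.
sample_pending() {
  printf '2 extension(s)\n--- com.apple.system_extension.network_extension\n'
  printf 'enabled\tactive\tteamID\tbundleID (version)\tname\t[state]\n'
  printf '*\t*\tTEAMID0000\tcom.example.fortiedr.net (1.0/1)\tFortiEDR Net\t[activated enabled]\n'
  printf '\t\tTEAMID0000\tcom.example.fortiedr.sys (1.0/1)\tFortiEDR Sys\t[activated waiting for user]\n'
}
sample_approved() { sample_pending | sed 's/waiting for user/enabled/'; }

# On a Mac, run with --live to check the real state, then the Collector status.
if [ "${1:-}" = "--live" ]; then
  systemextensionsctl list | check_extensions fortiedr
  rc=$?
  /Applications/FortiEDR.app/fortiedr_collector.sh status
  exit "$rc"
fi
```

A return code of 2 (no matching extension) usually means the filter string does not match how the extensions are listed on that host; inspect the raw `systemextensionsctl list` output before concluding the Collector is missing.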

To install a FortiEDR Collector on macOS versions prior to Big Sur (11), such as Catalina or Mojave:
  1. It is recommended to get a pre-populated customized Collector installer for macOS, as described in Requesting and obtaining a Collector installer.
  2. Double-click the *.dmg file named FortiEDRCollectorInstallerOSX_1.3.0.xxx.dmg.
  3. Double-click the *.pkg file named FortiEDRCollectorInstallerOSX_1.3.0.xxx.pkg.

  4. Click Continue.

  5. Select the destination disk and click Continue.
  6. Specify the installation location and click Install.

  7. If a non-customized installer is used, in the Aggregator Address field, enter the IP address of the Aggregator in the first box and the port of the Aggregator in the adjacent (Port) box.

  8. If a non-customized installer is used, in the Registration Password field, enter the registration password as described in Configuring the FortiEDR Central Manager server and console.
  9. Leave the Organization field empty or, for a multi-tenant setup, insert the organization to which this Collector belongs (as it appears under the ADMINISTRATION > ORGANIZATIONS tab of the FortiEDR Central Manager).
  10. If you use a web proxy to filter requests in this device’s network, check the Use System Proxy Settings checkbox. Note that macOS must be configured to use a proxy and that the proxy must support HTTPS before installing the Collector (System Preferences > Network > Advanced > Proxies).
  11. Click Apply.
  12. Click Close.

  13. If another AV product is also installed on the machine, set up exclusions by following the instructions in Setting up exclusions with other AV products.
