Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiEDR/XDR 6.2.0 Administration Guide
    6.2.0
    6.2.0
    6.0.0
    5.2.1
    5.2.0
    5.1.0
    5.0.0
    4.2.0
    4.1.1
    4.1.0

    Installing a FortiEDR Collector on macOS

    Installing a FortiEDR Collector on macOS

    The process described below includes a description of how to allow the following upon first FortiEDR Collector installation:

    • System Extensions

    • Network Extensions

    • Full Disk Access

    IMPORTANT: Failure to add these permissions will result in incomplete protection.

    Deployment can also be managed using an MDM, such as Jamf.

    To install a FortiEDR Collector on macOS that is running with Big Sur (version 11) or later:
    To start the installation:

    1. It is recommended to get a pre-populated customized Collector installer for macOS, as described in Requesting and obtaining a Collector installer.

    2. Double-click the *.dmg file named FortiEDRCollectorInstallerOSX_<version>.dmg.

    3. Click Continue.

    4. Click Install.

    5. Enter the Mac password at the prompt and click Install Software.

    6. If a non-customized installer is used, in the Collector Conifguration page, specify the Aggregator's address and FortiEDR registration password. Optionally, you can select a destination Organization and Collector Group and/or installation using a system proxy.

    7. Click Apply to start the installation process.

    8. Continue the installation:

    To continue the installation on macOS 15 or later:

    1. In the popup window, click OK to allow the installer to access files:

    2. Enable Network and System Extensions:

      1. Open General > Login Items & Extensions and scroll down to Extensions.

      2. Click Endpoint Security Extension and toggle on FortiEDRControl.

        The Mac password is required for this change.

      3. Click Done.

      4. Click Network Extension and toggle on FortiEDRControl.

        The Mac password is required for this change.

      5. Click Done.

    3. Enable Full Disk Access:

      1. Open Full Disk Access on Privacy & Security.

      2. Toggle on the two FortiEDR-related options to authorize full disk access for FortiEDR, as shown below:

    4. See To finish the installation.

    To continue the installation on macOS 13 or 14:

    1. In the popup window, click OK to allow the installer to access files:

    2. Enable Network and System Extensions:

      1. Open Privacy & Security and scroll down to the Security section:

      2. Under Some system software requires your attention before it can be used, Click Details.

      3. Enter the Mac password at the prompt.

      4. Toggle on both toggles in order to allow FortiEDR to use Network and System Extensions and click OK.

    3. Enable Full Disk Access:

      1. Open Full Disk Access on Security Preferences.

      2. Toggle on the two FortiEDR-related options to authorize full disk access for FortiEDR, as shown below:

        • Collector earlier than 6.0:

        • Collector 6.0 or later:

    4. See To finish the installation.

    To continue the installation on macOS 11 or 12:

    1. In the popup window, click Later:

    2. Enable Network and System Extensions:

      1. Open Security Preferences.

      2. Click the lock at the bottom of the window in order to make changes.

      3. In the General tab, click Details.

      4. Mark both checkboxes to allow FortiEDR to use Network and System Extensions. Click OK.

    3. Enable Full Disk Access:

      1. Open Security Preferences.

      2. Click the lock at the bottom of the window in order to make changes.

      3. In the Privacy tab, select Full Disk Access from the left pane.

      4. Select the checkboxes of both the FortiEDRCollector and the FortiEDR_EndPoint applications:

    4. See To finish the installation.

    To finish the installation:

    1. Click Allow.

    2. Click OK.

    3. Click Close to complete the process.

    4. When prompted to allow FORTIEDRTRAY notifications, click Allow.

    5. Reboot the device.

    6. Run the following command to check the status of the Collector:

      • Collector 6.0 or later:

        /Applications/FortiEDR.app/Contents/Library/LaunchServices/fortiedr_collector.sh status

      • Collector earlier than 6.0:

        /Applications/FortiEDR.app/fortiedr_collector.sh status

    7. If another AV product is also installed on the machine, exclude AV exceptions by following the instructions in Setting up exclusions with other AV products.

    To install a FortiEDR Collector on macOS with versions prior to Big Sur (11), such as Catalina or Mojave:

    1. It is recommended to get a pre-populated customized Collector installer for macOS, as described in Requesting and obtaining a Collector installer.

    2. Double-click the *.dmg file named FortiEDRCollectorInstallerOSX_1.3.0.xxx.dmg.

    3. Double-click the *.pkg file named FortiEDRCollectorInstallerOSX_1.3.0.xxx.pkg.

    4. Click Continue.

    5. Select the destination disk and click Continue.

    6. Specify the installation location and click Install.

    7. If a non-customized installer is used, in the Aggregator Address field, enter the IP address of the Aggregator in the first box and the port of the Aggregator in the adjacent (Port) box.

    8. If a non-customized installer is used, in the Registration Password field, enter the registration password as described in Configuring the FortiEDR Central Manager server and console.

    9. Leave the Organization field empty or for a multi-tenant setup, insert the organization to which this Collector belongs (as it appears under the ADMINISTRATION > ORGANIZATIONS tab of the FortiEDR Central Manager).

    10. If you use a web proxy to filter requests in this device’s network, then check the Use System Proxy Settings checkbox. Note that the MacOS must be configured to use a proxy and that the proxy must support HTTPS before installing the Collector (System Preferences > Network > Advanced > Proxies).

    11. Click Apply.

    12. Click Close.

    13. If another AV product is also installed on the machine, exclude AV exceptions by following the instructions in Setting up exclusions with other AV products.

    Previous
    Next

    Installing a FortiEDR Collector on macOS

    Installing a FortiEDR Collector on macOS

    The process described below includes a description of how to allow the following upon first FortiEDR Collector installation:

    • System Extensions

    • Network Extensions

    • Full Disk Access

    IMPORTANT: Failure to add these permissions will result in incomplete protection.

    Deployment can also be managed using an MDM, such as Jamf.

    To install a FortiEDR Collector on macOS that is running with Big Sur (version 11) or later:
    To start the installation:

    1. It is recommended to get a pre-populated customized Collector installer for macOS, as described in Requesting and obtaining a Collector installer.

    2. Double-click the *.dmg file named FortiEDRCollectorInstallerOSX_<version>.dmg.

    3. Click Continue.

    4. Click Install.

    5. Enter the Mac password at the prompt and click Install Software.

    6. If a non-customized installer is used, in the Collector Conifguration page, specify the Aggregator's address and FortiEDR registration password. Optionally, you can select a destination Organization and Collector Group and/or installation using a system proxy.

    7. Click Apply to start the installation process.

    8. Continue the installation:

    To continue the installation on macOS 15 or later:

    1. In the popup window, click OK to allow the installer to access files:

    2. Enable Network and System Extensions:

      1. Open General > Login Items & Extensions and scroll down to Extensions.

      2. Click Endpoint Security Extension and toggle on FortiEDRControl.

        The Mac password is required for this change.

      3. Click Done.

      4. Click Network Extension and toggle on FortiEDRControl.

        The Mac password is required for this change.

      5. Click Done.

    3. Enable Full Disk Access:

      1. Open Full Disk Access on Privacy & Security.

      2. Toggle on the two FortiEDR-related options to authorize full disk access for FortiEDR, as shown below:

    4. See To finish the installation.

    To continue the installation on macOS 13 or 14:

    1. In the popup window, click OK to allow the installer to access files:

    2. Enable Network and System Extensions:

      1. Open Privacy & Security and scroll down to the Security section:

      2. Under Some system software requires your attention before it can be used, Click Details.

      3. Enter the Mac password at the prompt.

      4. Toggle on both toggles in order to allow FortiEDR to use Network and System Extensions and click OK.

    3. Enable Full Disk Access:

      1. Open Full Disk Access on Security Preferences.

      2. Toggle on the two FortiEDR-related options to authorize full disk access for FortiEDR, as shown below:

        • Collector earlier than 6.0:

        • Collector 6.0 or later:

    4. See To finish the installation.

    To continue the installation on macOS 11 or 12:

    1. In the popup window, click Later:

    2. Enable Network and System Extensions:

      1. Open Security Preferences.

      2. Click the lock at the bottom of the window in order to make changes.

      3. In the General tab, click Details.

      4. Mark both checkboxes to allow FortiEDR to use Network and System Extensions. Click OK.

    3. Enable Full Disk Access:

      1. Open Security Preferences.

      2. Click the lock at the bottom of the window in order to make changes.

      3. In the Privacy tab, select Full Disk Access from the left pane.

      4. Select the checkboxes of both the FortiEDRCollector and the FortiEDR_EndPoint applications:

    4. See To finish the installation.

    To finish the installation:

    1. Click Allow.

    2. Click OK.

    3. Click Close to complete the process.

    4. When prompted to allow FORTIEDRTRAY notifications, click Allow.

    5. Reboot the device.

    6. Run the following command to check the status of the Collector:

      • Collector 6.0 or later:

        /Applications/FortiEDR.app/Contents/Library/LaunchServices/fortiedr_collector.sh status

      • Collector earlier than 6.0:

        /Applications/FortiEDR.app/fortiedr_collector.sh status

    7. If another AV product is also installed on the machine, exclude AV exceptions by following the instructions in Setting up exclusions with other AV products.

    To install a FortiEDR Collector on macOS with versions prior to Big Sur (11), such as Catalina or Mojave:

    1. It is recommended to get a pre-populated customized Collector installer for macOS, as described in Requesting and obtaining a Collector installer.

    2. Double-click the *.dmg file named FortiEDRCollectorInstallerOSX_1.3.0.xxx.dmg.

    3. Double-click the *.pkg file named FortiEDRCollectorInstallerOSX_1.3.0.xxx.pkg.

    4. Click Continue.

    5. Select the destination disk and click Continue.

    6. Specify the installation location and click Install.

    7. If a non-customized installer is used, in the Aggregator Address field, enter the IP address of the Aggregator in the first box and the port of the Aggregator in the adjacent (Port) box.

    8. If a non-customized installer is used, in the Registration Password field, enter the registration password as described in Configuring the FortiEDR Central Manager server and console.

    9. Leave the Organization field empty or for a multi-tenant setup, insert the organization to which this Collector belongs (as it appears under the ADMINISTRATION > ORGANIZATIONS tab of the FortiEDR Central Manager).

    10. If you use a web proxy to filter requests in this device’s network, then check the Use System Proxy Settings checkbox. Note that the MacOS must be configured to use a proxy and that the proxy must support HTTPS before installing the Collector (System Preferences > Network > Advanced > Proxies).

    11. Click Apply.

    12. Click Close.

    13. If another AV product is also installed on the machine, exclude AV exceptions by following the instructions in Setting up exclusions with other AV products.

    Previous
    Next