Install Arctic Wolf Agent on a single macOS endpoint

You can install Arctic Wolf® Agent on a single macOS installation.

Note:
  • Agent is designed to maintain a minimal footprint on all systems, but Arctic Wolf recommends some OS requirements. Arctic Wolf cannot guarantee functionality on virtual machine (VM) environments if resources do not meet recommended levels.

These resources are required:

  • To correctly view Agent risks in the Unified Portal, macOS Agent version 2024-01_27 or later is required

  • Administrator permissions or the ability to do administrator or root level functions

  • macOS 26, 15, 14, 13, 12, or 11 for 64-bit systems
    Note:
    • macOS 10.14 and 10.15 are only supported on Agent version 2024-03_88.
    • Center for Internet Security (CIS) Benchmarks for macOS 26, which are used in Managed Risk (MR) benchmark scanning, are not yet available. They will be added when CIS releases them.
  • These system resources:
    • Apple Silicon (M-series) or 64-bit Intel-based Apple chipsets
    • At a minimum:
      • A dual-core CPU
      • 2 GB of memory
      • 50 MB of disk space

These actions are required:

  • For versions 2024-01_27 or later, make sure outbound access is available for port 443. For earlier versions, make sure outbound access is available for ports 443 and 1514.
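
The requirements above can be checked before installation with a short preflight script. This is an added example, not Arctic Wolf code: the function names are hypothetical, it assumes Agent versions always use the fixed-width YYYY-MM_NN form shown on this page, and it reads free disk space from /Library and core count from hw.physicalcpu.

```shell
#!/bin/sh
# Added example, not Arctic Wolf code. Function names are hypothetical;
# thresholds and version lists are the ones stated on this page.

os_status() {  # $1 = macOS product version, e.g. "14.5"
  case "$1" in
    26|26.*|15|15.*|14|14.*|13|13.*|12|12.*|11|11.*) echo "supported" ;;
    10.14|10.14.*|10.15|10.15.*) echo "agent-2024-03_88-only" ;;
    *) echo "unsupported" ;;
  esac
}

arch_ok() {  # $1 = `uname -m` output; Apple Silicon or 64-bit Intel
  case "$1" in arm64|x86_64) return 0 ;; *) return 1 ;; esac
}

resources_ok() {  # $1 = CPU cores, $2 = memory in bytes, $3 = free disk in KB
  [ "$1" -ge 2 ] && [ "$2" -ge 2147483648 ] && [ "$3" -ge 51200 ]
}

required_ports() {  # $1 = Agent version; assumes fixed-width YYYY-MM_NN
  v=$(printf '%s' "$1" | tr -cd '0-9')
  if [ "$v" -ge 20240127 ]; then echo "443"; else echo "443 1514"; fi
}

preflight_live() {  # gathers values from the local Mac and reports
  ver=$(sw_vers -productVersion)
  status=$(os_status "$ver")
  free_kb=$(df -k /Library | awk 'NR==2 {print $4}')
  echo "macOS $ver: $status"
  arch_ok "$(uname -m)" || { echo "FAIL: unsupported CPU architecture"; return 1; }
  resources_ok "$(sysctl -n hw.physicalcpu)" "$(sysctl -n hw.memsize)" "$free_kb" \
    || { echo "FAIL: below 2 cores / 2 GB memory / 50 MB disk"; return 1; }
  [ "$status" != "unsupported" ] || { echo "FAIL: unsupported macOS"; return 1; }
  echo "OK: minimum requirements met"
}

# Run the live check only on macOS so the helpers can be sourced elsewhere.
if [ "$(uname -s)" = "Darwin" ]; then
  preflight_live
fi
```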

Configure your environment firewall

Configure your firewall to allow traffic to Agent DNS hostnames.

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Resources > Allowlist Requirements.
  3. Configure your firewall to allow outbound traffic for all the hostnames, not IP addresses, listed in the Agent section.
    Note:

    Agent must contact Arctic Wolf servers to register. If this process fails, Agent retries every 15 seconds. This has no negative effect on the system.

Add Agent processes to the allowlist

If you install Agent and an antivirus, endpoint scanner, Endpoint Detection and Response (EDR) solution, Unified Threat Management (UTM) solution, or similar software, add Agent processes to the allowlist in those applications to maintain stable CPU and memory utilization:

  1. Configure your security systems to allow the processes listed in Arctic Wolf Agent processes.
    Tip:

    Arctic Wolf recommends that you define a security rule or policy exclusion for the parent folder. Then, if new processes are added during a future Agent software update, the rule or policy exclusion applies to them as well. For example, for a macOS endpoint, define a rule that applies to this file path: /Library/ArcticWolfNetworks/Agent.

  2. Add the files listed in Arctic Wolf Agent hash values to all allowlists.
  3. If you use an EDR solution, verify that your EDR configuration changes are applied to all endpoints.

See the technical documentation for the security systems that you are configuring for more information.

Configure PPPC

If you are a Managed Risk customer, to detect all vulnerabilities during scans, you must enable Full Disk Access in Privacy Preferences Policy Control (PPPC) settings.

To configure PPPC to allow Full Disk Access, do these actions:
  1. Open System Settings.
  2. Navigate to Privacy & Security > Full Disk Access.
  3. Click , and authenticate, if required.
  4. Add these files:
    • /Library/ArcticWolfNetworks/Agent/bin/scout-client
    • /usr/local/libexec/scout-desktop
    • /Library/ArcticWolfNetworks/Agent/plugins/audit_module/audit_module
    • /Library/ArcticWolfNetworks/Agent/bin/uninstall_modules

Download and install Agent

  1. Download the Agent installer:
    1. Sign in to the Arctic Wolf Unified Portal.
    2. In the navigation menu, click Resources > Downloads.
    3. In the Arctic Wolf Agent section, in the Operating System list, select the required operating system.
    4. Click Download Agent.
  2. Extract the Agent zip contents into a folder to access the PKG and customer.json files.
  3. Right-click the PKG file.
  4. Click Open to run the installation.
  5. Follow the prompts to proceed with the installation.
  6. Contact your Arctic Wolf Customer Success Manager or your Concierge Security® Team (CST) at security@arcticwolf.com to confirm that Agent data is reaching Arctic Wolf.