diff --git a/doc/img/approve.png b/doc/img/approve.png
new file mode 100644
index 00000000..546c4b8c
Binary files /dev/null and b/doc/img/approve.png differ
diff --git a/doc/installation.md b/doc/installation.md
index dd478148..18aaecb6 100644
--- a/doc/installation.md
+++ b/doc/installation.md
@@ -8,6 +8,12 @@ We use PyInstaller to create these packages.
 
 The capa [README](../README.md#download) also links to nightly builds of standalone binaries from the latest development branch.
 
+### MacOS Standalone installation
+
+By default, on MacOS Catalina or greater, Gatekeeper will block execution of the standalone binary. To resolve this, simply try to execute it once on the command-line and then go to `System Preferences` / `Security & Privacy` / `General` and approve the application:
+
+![approve dialog](img/approve.png)
+
 ## Method 2: Using capa as a Python library
 To install capa as a Python library, you'll need to install a few dependencies, and then use `pip` to fetch the capa module.
 Note: this technique doesn't pull the default rule set, so you should check it out separately from [capa-rules](https://github.com/fireeye/capa-rules/) and pass the directory to the entrypoint using `-r`.