XfinityJessie's profile

Administrator

 • 

4.7K Messages

Thu, Jan 3, 2019 1:00 PM

Closed

ANSWERED: What is Xfinity xFi Advanced Security and how does it work?

Xfinity xFi Advanced Security delivers a smarter, more personalized security solution for your home network. From computers and mobile phones to home security cameras and smart thermostats, Advanced Security protects all of your connected devices for added peace of mind.

Advanced Security is available at no cost to Xfinity Internet subscribers who rent a compatible xFi Gateway.

Features and Benefits

FEATURES

  • Helps you avoid accidentally visiting risky sites and becoming a victim of phishing attacks.
  • Blocks remote access to smart devices, like home cameras, from known dangerous sources.
  • Helps monitor devices real-time and alerts you when devices are behaving in unusual ways that could indicate a network security risk.
  • Adapts to your home network and gets smarter to keep up with new security risks over time.
  • Provides real-time notifications and a dashboard to easily view and manage security risks right from the Xfinity app or website.

BENEFITS

  • No additional hardware to install; all you need is a compatible xFi Gateway.
  • No software to install on your individual devices; your entire network is protected once Advanced Security is enabled.

Note: If you're trying to access a website that you think is being mistakenly blocked by Advanced Security, submit a request for reassessment at spa.xfinity.com. For more details, see Report a Website Blocked by Xfinity xFi Advanced Security.

Getting Access

You can turn on Advanced Security from the Connect tab in both the Xfinity app and the xFi website. Simply click on the Advanced Security tile and follow the steps to enable Advanced Security.

Note: It may take up to 10 minutes to fully enable Advanced Security.

To view the Advanced Security Dashboard, select the Advanced Security tile from the Connect tab. Learn more about using xFi Advanced Security and Comcast's commitment to Privacy and Security.

Equipment Requirements

Advanced Security is supported by all xFi Gateways except the Cisco DPC3939 Gateway.

Note: Advanced Security cannot be enabled on Gateways in Bridge Mode.

Enabling Advanced Security

To turn on Advanced Security in the Xfinity app and xFi website:

  1. Go to the Connect tab.
  2. Select Advanced Security.
  3. Toggle the setting on.

Note: It can take up to 10 minutes to fully enable Advanced Security.

Security Status

Once turned on, you can find a status of security activity in the Overview section of the Xfinity app or xFi website (xfinity.com/myxfi).
xFi Gateway Online and Secure screen in Xfinity app.

Advanced Security Dashboard

The Dashboard gives you a comprehensive view of security risks detected during the past seven days and a list of devices that have been impacted.

The Advanced Security screen is displayed.

Managing Security Risks

Threats are split into two main categories: those that are for awareness only and those that require attention. While all security risks are immediately blocked, there are some where we’ll recommend further action to make sure they won’t happen again.



Awareness-Only Threats

These include suspicious site visits. This doesn't require any action, but you'll be alerted that the activity is potentially risky. To view additional details, select the device from the Advanced Security dashboard.

The threat details page will provide a list of risks associated with a given device, for example when the device has been blocked from visiting a dangerous website.

Any time a device is blocked from accessing a site, you can select Allow Access to access the site for up to one hour. Learn more about the threat types.



Action Needed

These include targeted network attacks, suspicious device activity and unauthorized access attempts. When these security risks occur, they might result in a device that's vulnerable due to a virus or malware. We recommend you take further action to secure your device. If a security risk requires your attention, you’ll see an alert at the top of the Dashboard indicating how many require your attention. Select the device to access the threat details page and to take action.

The threat details page will provide a list of security risks that have been blocked but require your attention to ensure they don’t return. Select Help Me Fix It for tips on how to resolve the threat. Learn more about threat types.

Tips to Resolve Security Risks

Depending on the nature of the security risk that requires your attention, the following tips can help you protect your device.

  • Quarantine Your Device
    If one of your devices has been compromised, you can use xFi to pause its access or disconnect it from your home network. This will keep it from endangering other devices on your network.
  • Update Your Software
    Keep your device’s software or firmware current to ensure you’ve got the latest security updates. Use the update feature usually found in your device’s settings or check with the device manufacturer.
  • Restart Your Device
    After updating your device’s software, be sure it restarts. This will complete the update and also, stop any existing communication with malicious sites.
  • Check Your Port Forwards
    Open ports on your home network give potential access to malicious attackers. Ensure your port forwards are set up correctly for your devices. Learn about port forwards and how to set them up using xFi.
  • Disable DMZ
    Enabling DMZ (a demilitarized zone) may resolve a device communication issue, but it's a security risk. If a device needs to be accessible to outside sources, we recommend using port forwarding instead. You can disable DMZ by going Connect, select See Network, and then Advanced Settings. Next, select DMZ and then Edit to access the setting. Deselect the checkbox next to Enabled, and select Apply Changes.

Tips to Access a Blocked Device

If Advanced Security detects a known threat targeted for the device with Port Forwarding, DMZ settings enabled or UPnP open ports, it will block all traffic coming from its open ports as a measure of protection until the security risk is averted. If you are unable to access a device from outside your home network, you have two options:

  • Allow Access: Go to the Connect section in the Xfinity app or xFi website, select the device you want to provide access to, and follow the instructions to Allow Access.
    • We recommend that you only use Allow Access when you are confident about who is accessing the device from outside the home network.
    • Note that the Allow Access feature will only permit access to the specific device you choose on the specified port using a specific source IP address for 30 days from the time you enable it.
  • Disable Advanced Security: Alternatively, you can choose to turn off Advanced Security.
    • We do not recommend that you turn off Advanced Security, as this removes Advanced Security’s protections from all of your devices.
    • If you need access to a specific device, we recommend you keep Advanced Security turned on and follow the steps above to Allow Access on a device-by-device basis.

Report a Website Blocked by Advanced Security

Advanced Security blocks websites that are determined to be potentially dangerous. These sites may contain malware, spyware, ransomware, or viruses that can infect devices and make them vulnerable to personal data collection, blackmail, or attacks on other computers and networks.

If you are trying to access a website, that you think is being mistakenly blocked by Advanced Security, submit a request for re-assessment at spa.xfinity.com. The request will be reviewed, and an update will typically be provided within three business days.

Real-Time Notifications

Receive real-time updates about threats to your network that require immediate attention by turning on notifications in the Xfinity app. To do this, log into the app and tap on the Person icon in the top-left corner of the app (The person icon appears as a stylized head and shoulders inside a circle.) to access the Account page, tap Preferences under Notifications and check the box next to Network Activity.

Disabling Advanced Security

To disable Advanced Security, follow the steps below.

Note: Once disabled, you’ll lose 24/7 risk monitoring and real-time reporting on your home network.

To turn off Advanced Security in the Xfinity app:

  1. Tap on the Person icon (Person icon.) in the top-left corner on the Overview screen.
  2. Scroll down to More Resources.
  3. Tap xFi Advanced Security.
  4. Tap Turn Off.
  5. Toggle the setting off.

To turn off Advanced Security in the xFi website:

  1. Click on More.
  2. Select My Services.
  3. Select Turn Off.
  4. Toggle the setting off.

Note for customers with Apple devices:

Apple’s new releases of iOS 15 and macOS Monterey include an Internet privacy service called iCloud Private Relay. If this feature is enabled, Advanced Security won’t work. Learn more about iCloud Private Relay.

Advanced Security on the Go

Advanced Security on the go provides safe browsing and data protection to your mobile devices when you’re on the go.

This feature is only available to xFi Complete customers. For more information see, xFi Complete Frequently Asked Questions.

 
 

Frequently Asked Questions

What is xFi Advanced Security?
xFi Advanced Security helps you avoid accidentally visiting high-risk sites or downloading dangerous files. It also monitors your connected devices to identify unusual device activity and prevent unauthorized access attempts – alerting you every time there’s a security risk and suggesting steps you can take to keep your home network more secure. It adapts to your home network to better target security risks to your connected devices.

How do I access Advanced Security features in xFi?
Advanced Security is available to Xfinity Internet subscribers who rent a compatible xFi Gateway. Note: Advanced Security will not be available for Gateways in bridge mode or if you have a Cisco DPC3939.

If you haven't already, download the Xfinity app or visit the xFi website (xfinity.com/myxfi). You can turn on and access Advanced Security features (security status and threat details) from the Overview and Connect sections. To learn more, visit how to get started with xFi.

What are the different types of threats prevented with xFi Advanced Security?

  • Unauthorized Access Attempts
    This happens when an outside device tries to access a device connected to your home network. It usually happens through a forwarded port on your connected device. While forwarded ports are needed for certain apps and features to run properly, we recommend checking forwarded ports regularly and deleting the ones that aren’t in use. If you made the request (e.g., if you’re trying to access your home security camera from a local coffee shop) you can locate the blocked threat in your Security Risk History and allow access for 30 days. Keep in mind, attackers may try to get access to access personal data or compromise your device. To help stop others from gaining access, use strong passwords and change them often.
  • Suspicious Site Visit
    This happens when Advanced Security stops a device that’s connected to your home network from visiting a site that could be dangerous. This site could have malware, spyware, ransomware, or viruses that could infect devices and make them at risk to personal data collection, blackmail, or attacks on other computers and networks. Sometimes, Advanced Security only blocks part of a page from loading (e.g., a banner ad) if there’s only one part that’s considered to be malicious. If this happens, you’ll still be able to load the rest of the page and may not even realize high-risk content was blocked. If a full page is blocked, and you still want to visit it, you can allow access from within the app just go to the Security Risk History for your device and selectAllow Accessnext to the website you want to visit. To further reduce the risk of infection, we highly recommend installing and running up-to-date antivirus software for devices connected to your network.
  • Suspicious Device Activity
    Most smart home devices have regular traffic patterns and sites they visit. Suspicious Device Activity happens when a device shows unusual behavior, like connecting to an IP address that it doesn’t normally visit. Advanced Security blocks this suspicious activity, and when this happens it means your device may be compromised and action is needed. Whenever you encounter Suspicious Device Activity, please restart your device and make sure it’s running the latest software. For extra device protection, use strong passwords and change them regularly. We also suggest installing and running up-to-date antivirus software for devices connected to your network, such as laptops, desktops and certain handheld devices.
  • Targeted Network Attack
    This happens when a device on your network has been infected with a virus or malware and has tried to attack another network. This is also called a Denial of Service attack. Advanced Security blocks these attacks, but if this happens, it means your device has been compromised and action is needed. Restart your device and make sure it’s running the latest software. For extra device protection, use strong passwords and change them regularly. We also suggest installing and running up-to-date antivirus software for devices connected to your network such as laptops, desktops and certain handheld devices.
  • IP Reputation Threats
    This happens when a device from a malicious source tries to access a device on your home network. Usually, IP Reputation Threats happen through forwarded ports on a device connected to your home network. These attacks try to gain access to a device to access personal information and/or compromise your devices. To keep your network safe, we automatically block access from high-risk sources. While you do need forwarded ports for certain apps and features to work, we recommend checking forwarded ports regularly and delete the ones that aren’t in use.

How is Advanced Security different from the Protected Browsing feature in xFi?
Protected Browsing is a feature in xFi available to customers who rent a Cisco DPC3939 Gateway. It prevents you from visiting websites that are known sources of malware, spyware and phishing. 

Advanced Security adds even more protection for your devices. At times, it may block an entire website. Other times, it may only block portions of a site, such as banner ads, icons, etc. It also blocks unknown sources from trying to access your connected devices and detects when these devices are acting in unusual ways that might mean your device has been infected by malicious software.

I received a notification that Advanced Security couldn't be set up. What should I do?

  1. Ensure your model of Gateway is currently eligible for Advanced Security.
  2. Sign in to xFi and make sure your Gateway is online. You should see "Gateway Online" in the header of the Overview.
  3. Then, restart your Gateway to install the latest software. You may need to restart twice for the full install. You can do this from theOverviewpage.
  4. Once your Gateway is online again, sign back in to xFi.

How are threats detected with Advanced Security?
Whenever a device is connected to your home network, activity information is communicated via your Gateway. We collect certain information (e.g., data from packet headers, source and destination addresses) and other metadata for analysis. This traffic flow is monitored, along with the source and destination of the traffic. This helps Advanced Security find any security threats and, if needed, block potentially high-risk actions. We also update our Advanced Security blocking guidelines where we find new risks. If no risks or high-risk actions are found, you'll see in the Xfinity app that there are no security-risks to report. For your privacy, we don't collect personal information during this analysis or analyze encrypted traffic.

How can I be notified when a threat is detected?
You can receive notifications from the Xfinity app for the following threat types: unauthorized access attempts, suspicious device activity and targeted network attacks.

  1. From the Xfinity app, select the Account icon from the top-left corner of the Overview tab and then select Preferences under Notifications.
  2. Select Push Notifications to manage your notification preferences.

To enable Advanced Security notifications, select the checkbox next to Network Activity. Email and text notifications aren’t available at this time. Keep in mind, you can visit the Xfinity app any time to check the status of all threats.

I received a notification that a website I never visited was blocked. What does this mean?
In some cases, Advanced Security will allow you to access a site (or application) and will only block part of the page from that's considered a risk (e.g., a banner ad). In that case, you won't see the blocked content while you’re browsing. When part of a page is blocked, you'll still receive a notification that the content from the website was blocked.

How many security risks should I expect to see?
It’s not easy to estimate the number of security risks you’ll see, since every network is different. It depends on how many and what kind of devices you have connected, as well as security settings, port forwards and other features you have on your home network. It’s not uncommon to have zero security risks for a week and then one to three security risks another week. The exception is people who play online games, they’re more likely to see more risks, since they usually have forwarded ports on their network. If you have forwarded ports, you could see hundreds of security risks in a week.

I haven’t had any security risks reported. How do I know that Advanced Security is working?
Potential security risks depend on how many and what kind of devices are connected to your home network, as well as security settings, port forwards and other features you might have activated on your home network. Don’t worry, even if you don’t get reports of any security risks, your home network is still being protected by Advanced Security.

Do all security risks require my attention?
There are two kinds of security risks: Those that need your attention and those that are for awareness only. While all security risks are immediately blocked, there are some where we’ll recommend further action to make sure they won’t happen again. Learn more about threat types:

  • Action Is Needed
    These include suspicious device activity, targeted network attacks and unauthorized access attempts, and might result in a device that’s vulnerable due to a virus or other malware. In these cases, we’ll recommend steps to secure your devices and remove any high-risk software. You'll have the option toAllow Accessfor unauthorized access attempts (30 days) if you'd like to override the block.
  • Awareness Only
    These include suspicious site visits. These warning threats that might provide insight into activity that's potentially risky. You’ll have the option toAllow Access(one hour for sites blocked by suspicious site visits) if you’d like to override the block.

If I swap out my xFi Gateway for a new one, or move and transfer my Xfinity Internet service to a new address, will I still be protected by Advanced Security?
If you’re activating a compatible xFi Gateway and Advanced Security is turned on, Advanced Security should automatically be enabled on the new Gateway within 15 minutes after activation. Please note that all previous security risk information will be cleared from your Advanced Security dashboard.

Will Advanced Security work on Disney Circle?
Yes, but since traffic for devices being monitored by Circle routes through the Circle device itself, security risks blocked by Advanced Security will show as security risks happening on your Circle device. Don’t worry, security risks are still blocked, but if any security risks that appear for Circle need attention, you might need to take action on the devices being monitored by Circle and not the Circle device.

Can I turn off Advanced Security?
Yes. To turn off the Advanced Security feature in xFi, select theAccounticon from the top-left corner of theOverviewtab on the Xfinity app and then selectxFi Advanced Security. From here, selectTurn OffunderxFi Advanced Securityand follow the on-screen prompts.

  • Note:By disabling, you’ll lose 24/7 threat monitoring and real-time reporting on your home network. You can re-enable the feature by following the same steps and selectingTurn On, or you can selectTurn Onfrom theConnecttab.

Can I use Advanced Security while having port forwarding or DMZ enabled?
If Advanced Security detects a known security risk targeted for the device with Port Forwarding, DMZ settings enabled, or UPnP open ports, it will block all traffic coming from its open ports as a measure of protection until the security risk is resolved. If you are unable to access a device from outside your home network, you have two options:

  • Allow Access: Go to the Connect section in the Xfinity app or xFi website, select Advanced Security then select the device you want to provide access to. Follow the instructions to Allow Access.
    • We recommend that you only use Allow Access when you are confident about who is accessing the device from outside the home network.
    • Note that the Allow Access feature will only permit access to the specific device you choose on the specified port using a specific source IP address for 30 days from the time you enable it.
  • Disable Advanced Security: Alternatively, you can choose to disable the Advanced Security feature. We do not recommend that you disable Advanced Security, as this removes Advanced Security’s protections from all of your devices. If you need access to a specific device, we recommend you keep Advanced Security turned on and follow the steps above to Allow Access on a device-by-device basis.

How do I report a website blocked by Advanced Security?
Advanced Security blocks websites that are determined to be risky. These sites could have malware, spyware, ransomware or viruses that could infect devices and make them at risk to personal data collection, blackmail, or attacks on other computers and networks.

If you are trying to access a website that you think is being mistakenly blocked by Advanced Security, submit a request for re-assessment atspa.xfinity.com. The request will be reviewed, and an update will typically be provided within three business days.

 

 

Additional Resources

https://www.xfinity.com/support/articles/getting-started-with-xfinity-xfi-advanced-security
https://www.xfinity.com/support/articles/using-xfinity-xfi-advanced-security
https://www.xfinity.com/support/articles/online-security-with-xfi-faqs
I am an Official Xfinity Employee.
Official Employees are from multiple teams within Xfinity: CARE, Product, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Please, mark a reply as the Accepted Answer.tick
No Responses!
forum icon

New to the Community?

Start Here