ANSWERED: What is Xfinity xFi Advanced Security and how does it work?
Getting Started with Xfinity xFi Advanced Security
Advanced Security is available to Xfinity Internet subscribers who rent a compatible xFi Gateway.
Features and Benefits
- Prevents you from inadvertently visiting malicious sites and becoming a victim of phishing attacks.
- Blocks remote access to smart devices, like home cameras, from unknown or dangerous sources.
- Helps monitor devices real-time and alerts you when devices are behaving in unusual ways that could indicate a network threat.
- Adapts to your home network and gets smarter to keep up with new threats over time.
- Provides real-time notifications and a dashboard to easily view and manage threats right from the Xfinity xFi app or website.
- No additional hardware to install; all you need is a compatible xFi Gateway.
- No software to install on your individual devices; your entire network is protected, once Advanced Security is enabled.
Getting AccessAdvanced Security is available to Xfinity Internet subscribers who rent a compatible xFi Gateway.
Simply download the Xfinity xFi app or visit the website at xfinity.com/myxfi and log in to enable the feature. You can access the Advanced Security Dashboard from the Overview or Network sections. Learn more about using xFi Advanced Security and Comcast's commitment to Privacy and Security.
Equipment RequirementsThese xFi Gateways support xFi Advanced Security:
- xFi Wireless Gateway
- Arris TG1682G
- Cisco DPC3941T
- xFi Advanced Gateway
- Arris TG3482G
- Technicolor CGM4140COM
- xFi Gateway (3rd Generation)
- Technicolor CGM4331COM
- xFi Fiber Gateway
- Arris X5001
- Arris X5001
Using Xfinity xFi Advanced Security
Whenever a threat is detected, it’s automatically blocked and you are notified in xFi and given tips on how to resolve.
Receive real-time updates about threats to your network that require immediate attention by turning on notifications in xFi. To do this, log into the Xfinity xFi app and tap on the speech bubble in the top-left corner, then tap on the gear icon. Select Push Notifications, then check the box next to Network Activity.
See above about starting with xFi Advanced Security to learn about eligibility requirements and how to access this feature.
Security StatusYou can find a status of security activity in the Overview section of the xFi app or website ( xfinity.com/myxfi).
To view additional threat details or to resolve any threats that require your attention, select View Affected Device(s) to be taken to the Dashboard.
Advanced Security DashboardThe Dashboard gives you a comprehensive view of threats detected during the past seven days and a list of devices that have been impacted by threats.
Managing ThreatsThreats are split into two main categories: Those that are for awareness only and those that require attention.
Some threats won’t require any action, but you will still be alerted. These include Suspicious Site Visits. To view additional details when no action is required, select the device from the Advanced Security dashboard.
The threat details page will provide a list of threats associated with a given device, for example when the device has been blocked from visiting a dangerous website.
Any time a device is blocked from accessing a site, you can opt to allow it to access. Keep in mind that by doing so, you may be putting your network at risk and making it vulnerable to malicious activity. Access will be limited to a certain amount of time due to this risk. Learn more about the threat types.
Threats that Require Attention
Some threats, such as a Targeted Network Attack, Suspicious Device Activity or Unauthorized Access Attempt, may require you to take further action. If a threat requires your attention, you’ll see an alert at the top of the Dashboard indicating how many require your attention. Select the device to access the threat details page and to take action.
The threat details page will provide a list of threats that have been blocked but require your attention to ensure they don’t return. Select Help Me Fix It for tips on how to resolve the threat. Learn more about threat types.
Tips to Resolve ThreatsDepending on the nature of the threat that requires your attention, the following tips can help you take action to resolve the threat.
- Quarantine Your Device
If one of your devices has been compromised, you can use xFi to pause its access or disconnect it from your home network. This will keep it from endangering other devices on your network.
- Update Your Software
Keep your device’s software or firmware current to ensure you’ve got the latest security updates. Use the update feature usually found in your device’s settings or check with the device manufacturer.
- Run Antivirus Software
One of the best ways to defend against network threats is by running antivirus software. If you haven’t already, install a software program, keep it updated, and run scheduled scans to keep devices free from viruses. Learn more about how to Download Norton Security Online for your PC, Mac and Android devices.
- Restart Your Device
After updating your device’s software, be sure it restarts. This will complete the update and also, stop any existing communication with malicious sites.
- Check Your Port Forwards
Open ports on your home network give potential access to malicious attackers. Ensure your port forwards are set up correctly for your devices. Learn about port forwards and how to set them up using xFi.
- Disable DMZ
Enabling DMZ (a demilitarized zone) may resolve a device communication issue, but it's a security risk. If a device needs to be accessible to outside sources, we recommend using port forwarding instead. You can disable DMZ by navigating to the Network section and selecting Advanced Settings. Next, select DMZ and then Edit to access the setting. Deselect the checkbox next to Enabled, and select Apply Changes.
Disabling and Re-Enabling Advanced SecurityYou can disable the Advanced Security feature in xFi by navigating to More and selecting My Services. From here, select Disable under xFi Advanced Security and follow the on screen prompts.
Once disabled, you will lose 24/7 threat monitoring and real-time reporting on your home network.
If you have disabled the Advanced Security feature, you can re-enable it by navigating to More and selecting My Services. From here, select Enable under xFi Advanced Security and follow the on screen prompts.
Frequently Asked Questions
xFi Advanced Security gives added peace of mind for your home network by preventing you from inadvertently visiting malicious sites or downloading dangerous files, as well as blocking remote access to smart devices from unknown or dangerous sources. Advanced Security monitors devices real-time and will alert you when devices are behaving in unusual ways that could indicate a network threat. It will also adapt to your home network and get smarter over time to keep up with new threats.
How do I access Advanced Security features in xFi?
Advanced Security is available to Xfinity Internet subscribers who rent one of the following compatible xFi Gateways (Arris 1682G, Cisco 3941T, Arris 3482G, Technicolor CGM4140COM, Techincolor CGM4331COM or Arris X5001).
If you haven't already, download the Xfinity xFi app or visit the xFi website ( xfinity.com/myxfi ). Once you log in, Advanced Security will be enabled. You can access Advanced Security features (security status and threat details) from the Overview and Network sections. To learn more, visit how to get started with xFi for details.
(Please note that Advanced Security will not be available if your Gateway is in bridge mode or if you have a Cisco DPC3939 model.)
What are the different types of threats prevented with xFi Advanced Security?
- Unauthorized Access Attempts
An Unauthorized Access Attempt occurs when an outside device tries to access another device connected to your home network. Typically, Unauthorized Access Attempts occur through open port forwards on your connected device. While open ports are needed for certain apps and features to run properly, we recommend reviewing open ports on a regular basis and deleting those which don’t need to be open. If the request is legitimate (e.g., if you’re trying to access your home security camera from a local coffee shop) you can locate the blocked threat in your Threat History and allow access for 30 days. Keep in mind, attackers may try to exploit access to obtain personal data or compromise your device. To prevent others from gaining such access, remember to use strong passwords and change them regularly.
- Suspicious Site Visit
A Suspicious Site Visit occurs when we stop a device that’s connected to your home network from visiting a potentially dangerous site. This site may contain malware, spyware, ransomware, or viruses that can infect devices and make them vulnerable to personal data collection, blackmail, or attacks on other computers and networks. Often, we’ll block just a part of a page from loading (e.g., a banner ad) if there’s only one component that’s deemed to be malicious. If this happens, you’ll still be able to load the rest of the page and may not even realize malicious content was blocked. The Threat History lists all of the blocked Suspicious Site Visits, including the specific site that was blocked, and the reason why it was blocked. If a full page is blocked, and you still want to visit it despite the potential risk, access can be allowed for one hour. To further reduce the risk of infection, we highly recommend installing and running up-to-date antivirus software for devices connected to your network such as laptops, desktops and certain hand-held devices.
- Suspicious Device Activity
Most smart home devices have predictable traffic patterns and sites they contact. Suspicious Device Activity occurs when a device deviates from its normal behavior, like connecting to an IP address that it doesn’t normally interact with. We’ll block this suspicious activity to avoid data theft, but the occurrence itself indicates that the security of the device may have been compromised and corrective action is needed. For this reason, whenever you encounter Suspicious Device Activity, please restart your device and verify that it’s running the latest software. To further protect your devices, we highly recommend using strong passwords and changing them regularly. We also suggest installing and running up-to-date antivirus software for devices connected to your network, such as laptops, desktops and certain handheld devices.
- Targeted Network Attack
A Targeted Network Attack occurs when a device on your network has been infected with a virus or malware and, as a result, has tried to participate in an attack on another network. This type of attack is also known as a Denial of Service attack. We’ll block this type of attack, but the occurrence itself indicates that the security of the device may have been compromised and corrective action is needed. For this reason, whenever you encounter a Targeted Network Attack, please restart your device and verify that it’s running the latest software. To further protect your devices, we highly recommend using strong passwords and changing them regularly. We also suggest installing and running up-to-date antivirus software for devices connected to your network such as laptops, desktops and certain handheld devices.
- IP Reputation Threats
An IP Reputation Threat occurs when a device that we've identified as coming from a known malicious source tries to access a device on your home network. Typically, IP Reputation Threats occur through open ports on a device connected to your home network. The goal of the attack is to gain access to a device, for example to obtain personal information and/or compromise your devices. To keep your network safe, we automatically block access attempts from known malicious sources. While open ports are needed for certain apps and features to run properly, we recommend reviewing open ports on a regular basis and deleting those which don't need to be open.
How is Advanced Security different from the Protected Browsing feature in xFi?
Protected Browsing is a feature in xFi available to customers who rent a Cisco DPC3939 Gateway. It prevents you from visiting websites that are known sources of malware, spyware and phishing.
Advanced Security adds even more protection for your devices. At times, it may block an entire website. Other times, it may only block portions of a site, such as banner ads, icons, etc. In addition, Advanced Security also blocks unknown sources from trying to access your connected devices and detects when your connected devices are behaving in unusual ways that could indicate your device has been infected by malicious software. Plus, Advanced Security is always learning so it keeps up with new security threats in real-time.
I received a notification that Advanced Security couldn't be set up. What should I do?
- First, sign in to xFi and make sure your Gateway is online. You should see "Gateway Online" in the header of the Overview.
- Then, restart your Gateway to install the latest software. You may need to restart twice for the full install. You can do this from the Overview page.
- Once your Gateway is online again, sign back in to xFi.
Are all of my devices protected by xFi Advanced Security?
All devices connected to your Xfinity home network receive protection. However, there may be exceptions that prevent full protection, and we do not guarantee that your devices will be completely harm-free. The following devices are not fully protected:
- Vivint Smart Drive (formerly referred to as Space Monkey)
- This device continues to be protected against known threats, such as malicious websites, IP reputation threats and denial of service threats.
- Due to this device’s configuration, it is not protected against unknown threats such as unauthorized access attempts.
How are threats detected with Advanced Security?
Whenever a device is connected to your home network, activity information is transmitted through your Gateway. We gather that information, which includes data from packet headers, source and destination addresses, and other metadata for analysis. This traffic flow is constantly being monitored, along with the source and destination of the traffic. This helps us determine any associated risks and, if needed, block potentially malicious actions. We also update the parameters for blocking to reflect newly-discovered known dangers and risks. If no risks or potentially malicious actions are detected, you'll see in the app that there are no threats to report. For your privacy, we don't gather personal information during this analysis, nor is any encrypted traffic analyzed.
How can I be notified when a threat is detected?
You can receive a push notification from the xFi mobile app for the following threat types: Unauthorized Access Attempts, Suspicious Device Activity and Targeted Network Attacks.
- From the Xfinity xFi app, select the conversation icon in the upper left-hand corner for the Notification Center.
- Select the gear icon.
- Select Push Notifications to manage your notification preferences.
To enable Advanced Security notifications, select the checkbox next to Network Activity . Email and text notifications aren’t available at this time. Keep in mind, you can visit the Xfinity xFi app any time to check the status of all threats.
I received a notification that a website I never visited was blocked. What does this mean?
In some cases, Advanced Security will allow you to access a site (or application) and will only block part of the page from loading (e.g., a banner ad) that is considered potentially dangerous. In that scenario, you won't see the blocked content while you’re browsing. When part of a page is blocked, you'll still receive a notification informing you the website associated with that content was blocked.
How many threats should I expect to see?
It's difficult to estimate a typical threat number, since each home is different. It depends on the number and type of devices, as well as different factors like the security mode, port forwards and other settings you have for your home network. However, it’s not uncommon to have no threats for a week and then one to three threats another week. Those who play online games are more likely to encounter more threats, since they are more likely to have open ports on their network. It’s not uncommon to see hundreds of threats weekly if you have open ports.
I haven’t had any threats reported. How do I know that Advanced Security is working?
Potential threats are dependent upon the number and type of devices connected to your home network, as well as factors like the security mode, port forwards and other settings you have configured. Rest assured, even if you haven't received reports of any threats, your home network is still being protected by Advanced Security.
Do all threats require my attention?
Threats are split into two main categories: Those that require your attention and those that are for awareness only. While all threats are immediately blocked, there are somewhere we’ll recommend further action to ensure they won’t occur again. Learn more about threat types .
- Attention Required
These include Suspicious Device Activity, Targeted Network Attacks and Unauthorized Access Attempts, and may result in a device that’s vulnerable due to a virus or other malware. In such cases, we’ll recommend steps to secure your devices and remove any malicious software. You'll have the option to Allow Access for Unauthorized Access Attempts (30 days) if you'd like to override the block.
- Awareness Only
These include Suspicious Site Visits. Consider these warning threats that may provide insight into potentially dangerous activity. You’ll have the option to Allow Access (one hour for sites blocked by Suspicious Site Visits) if you’d like to override the block.
If I swap out my xFi Gateway for a new one, or move and transfer my Xfinity Internet service to a new address, will I still be protected by Advanced Security?
If you’re activating a compatible xFi Gateway, Advanced Security should automatically be enabled on the new Gateway within 15 minutes after activation. Please note that all previous threat information will be cleared from xFi and xFi Advanced Security.
Will Advanced Security work on Disney Circle?
Yes. However, since traffic for devices being monitored by Circle routes through the Circle device itself, any threat that Advanced Security blocks for the monitored devices will appear as if it’s happening on the Circle device. Rest assured, threats are still blocked, but if any threats that appear for Circle need attention, you may need to take action on the devices being monitored by Circle and not the Circle device itself.
Can I disable Advanced Security?
Yes. To disable the Advanced Security feature in xFi, navigate to More and select My Services . Then, select Disable under xFi Advanced Security and follow the on-screen prompts.
- Note: By disabling, you’ll lose 24/7 threat monitoring and real-time reporting on your home network. You can re-enable the feature following the same steps and selecting Enable.