ANSWERED: What is Xfinity xFi Advanced Security and how does it work?

Xfinity xFi Advanced Security delivers a smarter, more personalized security solution for your home network. From computers and mobile phones to home security cameras and smart thermostats, Advanced Security protects all of your connected devices for added peace of mind.

Advanced Security is available at no cost to Xfinity Internet subscribers who rent a compatible xFi Gateway.

Features and benefits

FEATURES

• Helps you avoid accidentally visiting risky sites and becoming a victim of phishing attacks.
• Blocks remote access to smart devices, like home cameras, from known dangerous sources.
• Helps monitor devices real-time and alerts you when devices are behaving in unusual ways that could indicate a network security risk.
• Adapts to your home network and gets smarter to keep up with new security risks over time.
• Provides real-time notifications and a dashboard to easily view and manage security risks right from the Xfinity app.
  
  

BENEFITS

• No additional hardware to install — all you need is a compatible xFi Gateway.
• No software to install on your individual devices — your entire network is protected once Advanced Security is enabled.
  
  

Note: If you're trying to access a website that you think is being mistakenly blocked by Advanced Security, submit a request for reassessment at spa.xfinity.com. For more details, see Report a Website Blocked by Xfinity xFi Advanced Security.

Getting access

You can turn on Advanced Security from the Security tab in the Xfinity app. Simply click on the Advanced Security tile and follow the steps to enable Advanced Security.

Note: It may take up to 10 minutes to fully enable Advanced Security.

To view the Advanced Security Dashboard, select the Advanced Security tile from the Security tab in the Xfinity app. Learn more about using xFi Advanced Security and Comcast's commitment to Privacy and Security.

Equipment requirements

Advanced Security is supported by all xFi Gateways except the Cisco DPC3939 Gateway.

Note: Advanced Security cannot be enabled on Gateways in Bridge Mode.

Enabling Advanced Security

Advanced Security can be turned on multiple ways through the Xfinity app.

If you’re activating a new gateway with the Xfinity app, you’ll have the option to enable Advanced Security while activating the gateway.

If you have an activated xFi Gateway and Advanced Security isn’t enabled, you can:

1. Enable it from Overview.
   • If you don’t have Advanced Security enabled, tap the card on the Overview prompting you to turn it on.
     • Tapping the card will walk you through turning it on.
2. Enable it from the Security tab.
   • If you don’t have Advanced Security enabled, you’ll see a light blue box at the top of the Security tab prompting you to turn it on.
     • Tapping Turn it on will walk you through turning it on.
   • If you don’t see the option at the top of the Security tab, you can also turn it on by scrolling down and selecting Advanced Security.
     
     

Note: It can take up to 10 minutes to fully enable Advanced Security.

Security Status

Once turned on, you can find a status of security activity in the header of the Overview section of the Xfinity app.

Advanced Security dashboard

To view the Advanced Security dashboard, tap the Security tab and then Advanced Security. The Dashboard gives you a comprehensive view of security risks detected during the past seven days and a list of devices that have been impacted.

Manage security risks

Threats are split into two main categories: those that are for awareness only and those that require attention. While all security risks are immediately blocked, there are some where we’ll recommend further action to make sure they won’t happen again.

AWARENESS-ONLY THREATS

These include suspicious site visits. This doesn't require any action, but you'll be alerted that the activity is potentially risky. To view additional details, select the device from the Advanced Security dashboard.

The threat details page will provide a list of risks associated with a given device, for example when the device has been blocked from visiting a dangerous website.

Any time a device is blocked from accessing a site, you can select Allow Access to access the site for up to one hour. Learn more about the threat types.

ACTION NEEDED

These include targeted network attacks, suspicious device activity and unauthorized access attempts. When these security risks occur, they might result in a device that's vulnerable due to a virus or malware.

We recommend you take further action to secure your device. If a security risk requires your attention, you’ll see an alert at the top of the Dashboard indicating how many require your attention. Select the device to access the threat details page and to take action.

The threat details page will provide a list of security risks that have been blocked but require your attention to ensure they don’t return. Select Help Me Fix It for tips on how to resolve the threat. Learn more about threat types.

Report a website blocked by Advanced Security

Advanced Security blocks websites that are determined to be potentially dangerous. These sites may contain malware, spyware, ransomware or viruses that can infect devices and make them vulnerable to personal data collection, blackmail or attacks on other computers and networks.

If you are trying to access a website that you think is being mistakenly blocked by Advanced Security, submit a request for re-assessment at spa.xfinity.com. The request will be reviewed, and an update will typically be provided within three business days.

For more details, see report a website blocked by Xfinity xFi Advanced Security.

Tips to resolve security risks

Depending on the nature of the security risk that requires your attention, the following tips can help you protect your device:

• Quarantine your device.
  
  • If one of your devices has been compromised, you can use xFi to pause its access or disconnect it from your home network.
  • This will keep it from endangering other devices on your network.
• Update your software.
  
  • Keep your device’s software or firmware current to ensure you’ve got the latest security updates.
  • Use the update feature usually found in your device’s settings or check with the device manufacturer.
• Restart your device.
  
  • After updating your device’s software, be sure it restarts.
  • This will complete the update and also, stop any existing communication with malicious sites.
• Check your port forwards.
  
  • Open ports on your home network give potential access to malicious attackers.
  • Ensure your port forwards are set up correctly for your devices.
  • Learn about port forwards and how to set them up using xFi.
• Disable demilitarized zone (DMZ).
  
  • Enabling DMZ may resolve a device communication issue, but it's a security risk.
  • If a device needs to be accessible to outside sources, we recommend using port forwarding instead.
  • To disable DMZ:
    • Sign in to the Xfinity app with your Xfinity ID and password.
    • Select WiFi.
    • Select View WiFi equipment.
    • Scroll down to select Advanced settings.
    • Choose DMZ.
    • Select Edit to access the setting.
    • Deselect the checkbox next to Enabled.
    • Select Apply Changes.

Tips to access a blocked device

If Advanced Security detects a known threat targeted for the device with Port Forwarding, DMZ settings enabled or UPnP open ports, it will block all traffic coming from its open ports as a measure of protection until the security risk is averted. If you are unable to access a device from outside your home network, you have two options:

• Allow Access: In the Xfinity app, tap on the Security tab and then Advanced Security to view the security risk Dashboard.
  • Find the list of security risks, identify the unauthorized access attempt for the device you want to provide access to, and follow the instructions to Allow Access.
  • We recommend that you only use Allow Access when you are confident about who is accessing the device from outside the home network.
  • Note that the Allow Access feature will only permit access to the specific device you choose on the specified port using a specific source IP address for 30 days from the time you enable it.
• Disable Advanced Security: Alternatively, you can choose to turn off Advanced Security.
  • We do not recommend that you turn off Advanced Security, as this removes Advanced Security’s protections from all of your devices.
  • If you need access to a specific device, we recommend you keep Advanced Security turned on and follow the steps above to Allow Access on a device-by-device basis.

Real-time notifications

Receive real-time updates about changes to your WiFi settings and network access, as well as any new network activity, like when a device first joins your network or when a profile is nearing the end of the active time set.

Learn how to enable notifications.

Disable Advanced Security

To disable Advanced Security in the Xfinity app, follow the steps below.

Note: Once disabled, you’ll lose 24/7 risk monitoring and real-time reporting on your home network.

1. Go to the Security tab.
2. Select Advanced Security.
   
3. Select Advanced Security under Settings.
4. You'll see a pop-up window. Select Turn Off.
   
   

Note for customers with Apple devices: Apple’s new releases of iOS 15 and macOS Monterey include an internet privacy service called iCloud Private Relay. If this feature is enabled, Advanced Security won’t work. Learn more about iCloud Private Relay.

Advanced Security on the go

Advanced Security on the go provides safe browsing and data protection to your mobile devices when you’re on the go. The featured can be turned on or off using the instructions above.

This feature is only available to xFi Complete customers. For more information, see xFi Complete FAQs.

Additional Resources