Unknown devices on my network.

It's quite a bit more than just the mac address, OS and local IP info traffic sniffing.  You are also legally responsible for traffic originating from your internet connection, and it's your door they will be coming to, and you can be charged with a crime if one of your neighbors is doing "something" illegal while connected to your network, either intentionally or unintentionally.  

An MoCA point of entry filter is a Band-Aid to mask a problem that shouldn't exist, and can be quite difficult to maintain in an apartment situation where you may not have access to your service line and the "point of entry" feeding the coax jacks in your apartment, and cable installs may change over time.  Filters can be removed (if they were ever installed), and wiring can be cobbled together in different ways with splitters.

An option is to install an MoCA filter on the back of your gateway to defeat ALL coax MoCA devices.  A TV set top box won't be able to connect to your network, and might not work, but it may connect to one of your neighbors and run up their data use sticking them with the bill.  You can get and MoCA point of entry filter on Amazon for around $10, or order one at Walmart.  If there is an Xfinity store by you, people report you can get one there for free.  It would be cheap legal insurance. 

A better option is to just not use an MoCA enabled gateway, and coax connected TV boxes.  Then you don't have the problem.  There are other security concerns as well with remotely controlled/managed critical infrastructure managed by the least secure device you own -- a phone app.  Also with public WiFi connections to your equipment, and a security system radio sharing the same memory and CPU -- that's an exploit waiting to happen.  Outsourced hardware/firmware embedded product using closed source firmware, that may never get patched even if there is a problem is another issue.  There are no release notes for firmware updates, they just shove them silently, and Xfinity does not report previous vulnerabilities to anyone. 

You really are on your own for security.  I'd also suggest making or buying a firewall appliance with local-LAN-only management, and running ALL traffic through that including WiFi to help manage your data.  That implies NOT using anyone's gateway.  Just a cable modem.  If that has a security problem, you've got another layer of security before your equipment.                

@iAwwad Can I ask that you reach out privately, so we can cover the details of your account. You can start by clicking the chat icon located in the top right corner of your forums page when signed in. Once there, you can direct your messages to "Xfinity Support." Please add your full name and service address to help us locate your account. Let me know if you have any questions.