Community Forum

xFi Advanced Security blocking sites

Highlighted
New Poster

xFi Advanced Security blocking sites

Hi - I recently purchased Family Tree Maker and started syncing it with my sizeable Ancestry.com tree. Apparently, xFi Advanced Security thought this was an attack and blocked it so that I couldn't get to it from any device or software. So now I have it disabled, but this is obviously not a solution. Can you whitelist this traffic so I can turn Advanced Security on again?

 

Thanks.

Highlighted
Expert

Re: xFi Advanced Security blocking sites

Try contacting the reps on this team;

 

Comcast Customer Security Assurance.

Business Hours: 6:00am - 2:00am EST, 7 days a week

Contact: 1-888-565-4329



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Highlighted
Frequent Visitor

Re: xFi Advanced Security blocking sites

I am having this exact same problem.  I first noticed it on Thursday, 5 Nov when I was sync'ing my Family Tree Maker with Ancestry.com.  The link froze, and afterward I could not access Ancestry.com from my desktop, laptop, iPad, or mobile phone on Chrome, Firefox, Edge, or Safari.  A traceroute to Ancestry.com (45.60.63.104) could not make it past my modem/router (10.0.0.1), so the problem was clearly internal.  [FYI--https://downforeveryoneorjustme.com showed that Ancestry.com was up, and it was just me that could not access the website.] After a failed Xfinity chat (the guy just disappeared after a few minutes), 2 sessions with Tier 1, and 1 session with Tier 2, they had me swap out my modem/router on Friday, 6 Nov.  It worked fine for a couple of days, until I once again tried to sync my Family Tree Maker tree with Ancestry.com late last night (8 Nov).   Once again, the connection froze up, and afterward I could no longer access Ancestry.com on any device on any browser, with the same traceroute results.  I had just installed the Xfinity xFi app on my mobile phone in order to set up the new modem/router, and when I later accessed the app it showed in the xFi Advanced Security "Threat History" that my desktop was involved in a "Targeted Network Attack" against "Target IP: 45.60.63.104" (Ancestry.com) at 11:55 p.m. on 8 Nov (the exact time that my Family Tree Maker was doing a sync with Ancestry).  The "Threat History" stated: "We blocked DESKTOP-XXX from attacking another network, but you'll need to take further action."  I ran a Full System Scan with Norton today (a 6-hour process), and it found no suspicious activity.  It seems clear to me that my computer was not involved in any denial-of-service attack on Ancestry.com as indicated by xFi Advanced Security; it was just doing a synchronization of my family tree between Family Tree Maker and Ancestry.com, as I have done hundreds of times before.  I am still not able to access Ancestry.com on any device in my household.  I will try the phone numbers suggested by "EG Expert" for the Comcast Customer Security Assurance Team tomorrow during working hours (1-888-565-4329) to see if they can fix this problem. Many thanks to SwChappell for his post describing this problem, and to EG Expert for trying to offer a route to a solution.

Highlighted
Frequent Visitor

Re: xFi Advanced Security blocking sites

Follow-up to my 9 November post:  Regarding my problem with xFi Advanced Security blocking my access to Ancestry.com, on 10 Nov I called Comcast Customer Security Assurance for help, per advice from this discussion thread.  The woman there was very polite, listened carefully, and recorded my problem in a new escalated trouble ticket, stating I would get a return phone call.  I turned off xFi Advanced Security so I could once again access Ancestry.com.

 

In about 6 hours I received a call from Comcast Security.  They wanted me to open a command window and run a traceroute and nslookup demonstrating the problem.  I turned xFi Advanced Security back on, and in the six hours since I had disconnected it from my account Comcast had removed the blockage to Ancestry.com.  I told the rep that I would have to reproduce the problem in order to give him the results.  He gave me a customer service e-mail address and the trouble ticket number (IH127956892) for my response.

 

At 9:30 p.m. 10 Nov  I began downloading my large 58,826 person family tree from Ancestry.com to Family Tree Maker on my desktop.  At 12:09 a.m. 11 Nov, xFi Advanced Security once again blocked my access to Ancestry.com, sending me a notification that my desktop was involved in a "Target Network Attack" on 45.60.63.104 (Ancestry.com).  Actually, my desktop was still in the middle of my family tree download, having downloaded 28,045 of the 40,966 media items attached to my family tree, and Family Tree Maker was still trying to download the rest of the media files when xFi Advanced Security blocked me.  As before, I could no longer access Ancestry.com from my desktop, laptop, iPad, or mobile phone on Chrome, Firefox, Edge, or Safari.  So I prepared an e-mail for Comcast with the following three attachments: (1) a screen shot of the time-stamped "Threat Warning" noting my desktop was purportedly involved in a denial-of-service attack against 40.60.63.104 (Ancestry.com); (2) a screen shot of a 30-hop traceroute to Ancestry.com (first hop was to my modem/router at 10.0.0.1, and the other 29 hops timed out with destination unreachable, and an nslookup showing Ancestry.com was at 45.60.63.104 and 45.60.108.104; and (3) a screenshot from https://downforeveryoneormustme.com showing that the Ancestry.com website was up and running, and it was just down for me.  I sent the e-mail at 2:19 a.m. 11 Nov.

 

Yesterday I called Comcast to get a status report.  The customer service rep stated that Comcast usually responds in 48 to 72 hours.  It has now been more than three days since I provided the requested information to Comcast on my escalated problem, and I have not heard back from Comcast.

 

Of course, I have turned off xFi Advanced Security so that I can continue to use Ancestry.com without being blocked.  I routinely download information from Ancestry.com to Family Tree Maker, so it is a huge inconvenience for them to continually block my access claiming that I might be involved with some bogus, nefarious denial-of-service attack.  I do not intend to turn xFi Advanced Security back on until Comcast can assure me that they have resolved this problem with their software.  I guess we'll see if I hear back from them.

Highlighted
Expert

Re: xFi Advanced Security blocking sites

@SwChappell 

 

Have you contacted that team ?



I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Highlighted
Frequent Visitor

Re: xFi Advanced Security blocking sites

Yes, I contacted them and gave them all the information from the three times that xFi Advanced Security has blocked my ancestry.com access (see my two long posts on this thread).  It has been almost 4 days since I sent them a traceroute and nslookup that they requested, and I've had no further response.  I also just saw a thread on the Family Tree Maker Facebook page where others are reporting being blocked from just ancestry.com on all devices (just like us), and lots of experts trying to understand and troubleshoot the cause.  I made a post there as well, in case xFi Advanced Security is also causing their problem.  I included the xFi Customer Security Assurance phone number there, in case others are having the same problem.  We'll see.

Highlighted
New Poster

Re: xFi Advanced Security blocking sites

No, I haven't contacted them yet. My experience with them in the past has been relatively poor, and I'm not really sure it's worth the hassle for me to be able to use Advanced Security. I have enough additional security in software and devices that I'm not sure what it's buying me, anyway.

Highlighted
Frequent Visitor

Re: xFi Advanced Security blocking sites

Today is 18 November 2020, and it has been one week since I provided Comcast Customer Security Assurance with all the additional information they requested to look into the problem of xFi Advanced Security blocking my access to Ancestry.com (45.60.63.104) when I do a sync of my family tree at Ancestry.com with my Family Tree Maker software (something I do routinely, without problems before Comcast turned on xFi Advanced Security around the beginning of November 2020).  I was told by two different customer reps at Comcast Customer Security Assurance that I would be contacted in about 48 to 72 hours.  That has not happened.  I've heard nothing in over a week.  Is this typical of the customer service with this group?

Highlighted
Frequent Visitor

Re: xFi Advanced Security blocking sites

CONCLUSION:  After waiting 8 days for a response from Comcast Customer Security Assurance (a response two different reps said I would get in 48 to 72 hours), I called Comcast to get an update on what they were doing to solve the problem of xFi Advanced Security blocking my access to Ancestry.com when doing a sync or download of a large family tree from Ancestry.com to my Family Tree Maker software.  The Level 2 technician said that if I wanted to continue to use my Family Tree Maker software, I would have to turn off xFi Advanced Security.  He said that they are unable to modify their security product in order to solve this problem.  I'm not sure if Comcast is "unable" or "unwilling" to make such a change, but the bottom line is they do not intend to fix the problem.  So, if anyone else is having this problem, don't bother calling Comcast because they will not provide any assistance.  Just take their own advice and abandon their security product.

 

I asked the technician if he had any advice about protecting my computers, since Comcast is removing their free access to Norton products at the end of the year, and I could no longer use Xfinity's xFi Advanced Security--the only other option Comcast provides.  His response was that I would have to acquire my own antivirus capability.  At least he was honest, even if it isn't the most customer friendly advice.

Highlighted
New Poster

Re: xFi Advanced Security blocking sites

That is pretty much what I expected. If there were a way to whitelist, they'd have provided the capability in the software, or a faq to provide the process. I've worked in infosec, unbelieveable that a product wouldn't provide such a basic control.

 

As far as Norton products, I abandoned them years ago. I've been using Bitdefender for the past few years and been pretty happy with it. These days, there are a lot of good products out there, and many better than what used to be the big two (Norton and McAfee). Good luck with it.