Online security with xFi — FAQs

Check out these FAQs about Advanced Security while using Xfinity xFi.

Note for customers with Apple devices: If you have Apple's iCloud Private Relay feature enabled, Advanced Security won’t work. Learn more about iCloud Private Relay.

Advanced Security

What is xFi Advanced Security?
xFi Advanced Security helps you avoid accidentally visiting high-risk sites or downloading dangerous files. It also monitors your connected devices to identify unusual device activity and prevent unauthorized access attempts, alerting you every time there’s a security risk and suggesting steps you can take to keep your home network more secure. It adapts to your home network to better target security risks to your connected devices.

How do I access Advanced Security features in xFi?
Advanced Security is available to Xfinity Internet subscribers who rent a compatible xFi Gateway.

Note: Advanced Security will not be available for gateways in bridge mode or if you have a Cisco DPC3939.

If you haven't already, download the Xfinity app. You can turn on and access Advanced Security features (security status and threat details) from the Security tab. To learn more, visit how to get started with xFi.

What are the different types of threats prevented with xFi Advanced Security?

• Unauthorized Access Attempts
  • This happens when an outside device tries to access a device connected to your home network.
    • It usually happens through a forwarded port on your connected device.
    • While forwarded ports are needed for certain apps and features to run properly, we recommend checking forwarded ports regularly and deleting the ones that aren’t in use.
  • If you made the request (e.g., if you’re trying to access your home security camera from a local coffee shop) you can locate the blocked threat in your Security Risk History and allow access for 30 days.
  • Keep in mind, attackers may try to get access to access personal data or compromise your device.
  • To help stop others from gaining access, use strong passwords and change them often.
• Suspicious Site Visit
  • This happens when Advanced Security stops a device that’s connected to your home network from visiting a site that could be dangerous.
    • This site could have malware, spyware, ransomware or viruses that could infect devices and make them at risk to personal data collection, blackmail or attacks on other computers and networks.
  • Sometimes, Advanced Security only blocks part of a page from loading (e.g., a banner ad) if there’s only one part that’s considered to be malicious.
    • If this happens, you’ll still be able to load the rest of the page and may not even realize high-risk content was blocked.
    • If a full page is blocked and you still want to visit it, you can allow access from within the app.
    • Go to the Security Risk History for your device and select Allow Access next to the website you want to visit.
  • To further reduce the risk of infection, we highly recommend installing and running up-to-date antivirus software for devices connected to your network.
• Suspicious Device Activity
  • Most smart home devices have regular traffic patterns and sites they visit.
  • Suspicious Device Activity happens when a device shows unusual behavior, like connecting to an IP address that it doesn’t normally visit.
    • Advanced Security blocks this suspicious activity; when this happens, it means your device may be compromised and action is needed.
  • Whenever you encounter Suspicious Device Activity, please restart your device and make sure it’s running the latest software.
  • For extra device protection, use strong passwords and change them regularly.
    • We also suggest installing and running up-to-date antivirus software for devices connected to your network, such as laptops, desktops and certain handheld devices.
• Targeted Network Attack
  • This happens when a device on your network has been infected with a virus or malware and has tried to attack another network.
    • This is also called a Denial of Service attack.
  • Advanced Security blocks these attacks; if this happens, it means your device has been compromised and action is needed.
    • Restart your device and make sure it’s running the latest software.
  • For extra device protection, use strong passwords and change them regularly.
    • We also suggest installing and running up-to-date antivirus software for devices connected to your network such as laptops, desktops and certain handheld devices.
• IP Reputation Threats
  • This happens when a device from a malicious source tries to access a device on your home network.
  • Usually, IP Reputation Threats happen through forwarded ports on a device connected to your home network.
    • These attacks try to gain access to a device to access personal information and/or compromise your devices.
  • To keep your network safe, we automatically block access from high-risk sources.
  • While you do need forwarded ports for certain apps and features to work, we recommend checking forwarded ports regularly and delete the ones that aren’t in use.
    
    

How do I report a website blocked by Advanced Security?
Advanced Security blocks websites that are determined to be risky. These sites could have malware, spyware, ransomware or viruses that could infect devices and make them at risk to personal data collection, blackmail, or attacks on other computers and networks.

If you're trying to access a website you think is being mistakenly blocked by Advanced Security, submit a request for reassessment at spa.xfinity.com. The request will be reviewed, and an update will typically be provided within three business days.

For more information, see Report a Website Blocked by Xfinity xFi Advanced Security.

How is Advanced Security different from the Protected Browsing feature in xFi?
Protected Browsing is a feature in xFi available to customers who rent a Cisco DPC3939 Gateway. It prevents you from visiting websites that are known sources of malware, spyware and phishing.

Advanced Security adds even more protection for your devices. At times, it may block an entire website. Other times, it may only block portions of a site, such as banner ads, icons, etc. It also blocks unknown sources from trying to access your connected devices and detects when these devices are acting in unusual ways that might mean your device has been infected by malicious software.

I received a notification that Advanced Security couldn't be set up. What should I do?

1. Ensure your model of gateway is currently eligible for Advanced Security.
2. Sign in to the Xfinity app and make sure your gateway is online.
   • You should see "Looking good. Your network is online" in the header of the Overview.
3. Then, restart your gateway to install the latest software.
   • You may need to restart twice for the full install.
   • You can do this from a card on the Overview page.
4. Once your gateway is online again, sign back in to the Xfinity app.
   
   

How are threats detected with Advanced Security?
Whenever a device is connected to your home network, activity information is communicated through your gateway.

• We collect certain information (e.g., data from packet headers, source and destination addresses) and other metadata for analysis.
  • This traffic flow is monitored, along with the source and destination of the traffic.
  • This helps Advanced Security find any security threats and, if needed, block potentially high-risk actions.
• We also update our Advanced Security blocking guidelines where we find new risks.
  • If no risks or high-risk actions are found, you'll see in the Xfinity app that there are no security risks to report.
  • For your privacy, we don't collect personal information during this analysis or analyze encrypted traffic.
    
    

How can I be notified when a threat is detected?
You can receive notifications from the Xfinity app for the following threat types: unauthorized access attempts, suspicious device activity and targeted network attacks.

1. From the Xfinity app, select the Account icon from the bottom right.
2. Tap Account settings and then Notification settings.
3. Tap Push Notifications to manage your notification preferences.
   
   

To enable Advanced Security notifications, select the checkbox next to Network Activity. Email and text notifications aren’t available at this time. Keep in mind, you can visit the Xfinity app any time to check the status of all threats.

I received a notification that a website I never visited was blocked. What does this mean?
In some cases, Advanced Security will allow you to access a site (or application) and will only block part of the page from that's considered a risk (e.g., a banner ad). In that case, you won't see the blocked content while you’re browsing. When part of a page is blocked, you'll still receive a notification that the content from the website was blocked.

How many security risks should I expect to see?
It’s not easy to estimate the number of security risks you’ll see, since every network is different. It depends on how many and what kind of devices you have connected, as well as security settings, port forwards and other features you have on your home network.

• It’s not uncommon to have zero security risks for a week and then one to three security risks another week.
• The exception is people who play online games; they’re more likely to see more risks, since they usually have forwarded ports on their network.
• If you have forwarded ports, you could see hundreds of security risks in a week.
  
  

I haven’t had any security risks reported. How do I know that Advanced Security is working?
Potential security risks depend on how many and what kind of devices are connected to your home network, as well as security settings, port forwards and other features you might have activated on your home network. Don’t worry, even if you don’t get reports of any security risks, your home network is still being protected by Advanced Security.

Do all security risks require my attention?
There are two kinds of security risks: Those that need your attention and those that are for awareness only. While all security risks are immediately blocked, there are some where we’ll recommend further action to make sure they won’t happen again. Learn more about threat types:

• Action Is Needed
  • These include suspicious device activity, targeted network attacks and unauthorized access attempts, and might result in a device that’s vulnerable due to a virus or other malware.
    • In these cases, we’ll recommend steps to secure your devices and remove any high-risk software.
    • You'll have the option to Allow Access for unauthorized access attempts (30 days) if you'd like to override the block.
• Awareness Only
  • These include suspicious site visits.
    • These warning threats that might provide insight into activity that's potentially risky.
    • You’ll have the option to Allow Access (one hour for sites blocked by suspicious site visits) if you’d like to override the block.
      
      

If I swap out my xFi Gateway for a new one, or move and transfer my Xfinity Internet service to a new address, will I still be protected by Advanced Security?
If you’re activating a compatible xFi Gateway and Advanced Security is turned on, Advanced Security should automatically be enabled on the new gateway within 15 minutes after activation. Please note that all previous security risk information will be cleared from your Advanced Security dashboard.

Will Advanced Security work on Disney Circle?
Yes, but since traffic for devices being monitored by Circle routes through the Circle device itself, security risks blocked by Advanced Security will show as security risks happening on your Circle device. Don’t worry, security risks are still blocked, but if any security risks that appear for Circle need attention, you might need to take action on the devices being monitored by Circle and not the Circle device.

Can I turn off Advanced Security?
Yes. To turn off the Advanced Security feature in the Xfinity app:

1. Go to the Security tab.
2. Select Advanced Security.
3. Select Turn Off under Advanced Security and follow the on-screen prompts.
   
   

Notes:

• By disabling, you’ll lose 24/7 threat monitoring and real-time reporting on your home network.
• You can re-enable the feature by following the same steps and selecting Turn On, or you can select Turn On from the Security tab.
  
  

Can I use Advanced Security while having port forwarding or DMZ enabled?
If Advanced Security detects a known security risk targeted for the device with Port Forwarding, DMZ settings enabled, or UPnP open ports, it will block all traffic coming from its open ports as a measure of protection until the security risk is resolved. If you are unable to access a device from outside your home network, you have two options:

• Allow Access: Go to the Security section in the Xfinity app, select Advanced Security then select the device you want to provide access to.
  • Follow the instructions to Allow Access.
    • We recommend that you only use Allow Access when you are confident about who is accessing the device from outside the home network.
  • Note: The Allow Access feature will only permit access to the specific device you choose on the specified port using a specific source IP address for 30 days from the time you enable it.
• Disable Advanced Security: Alternatively, you can choose to disable the Advanced Security feature.
  • We do not recommend that you disable Advanced Security, as this removes Advanced Security’s protections from all of your devices.
  • If you need access to a specific device, we recommend you keep Advanced Security turned on and follow the steps above to Allow Access on a device-by-device basis.
    
    

How do I report a website blocked by Advanced Security?
Advanced Security blocks websites that are determined to be risky. These sites could have malware, spyware, ransomware or viruses that could infect devices and make them at risk to personal data collection, blackmail or attacks on other computers and networks.

If you are trying to access a website that you think is being mistakenly blocked by Advanced Security, submit a request for re-assessment at spa.xfinity.com. The request will be reviewed, and an update will typically be provided within three business days.