PDX_LabCoat's profile

New Contributor

 • 

6 Messages

Tuesday, July 28th, 2020 4:00 PM

Disable Security Edge

Hello,

 

I need help disabling Security Edge on my account. It hijacks DNS requests, no matter what DNS server you are using.

 

nslookup google.com 4.3.8.5
Server:		4.3.8.5
Address:	4.3.8.5#53

Non-authoritative answer:
Name:	google.com
Address: 172.217.6.46

As you can see, 4.3.8.5 is NOT a real DNS server, but instead hijacked by the Security Edge DNS servers and resolves queries. We cannot and do NOT want this on our network. We do testing that relies on an IP actually being a nameserver, and some software requires it to fail if a device uses an invalid DNS server.

 

At this point, my only option is to change providers if Security Edge cannot be disabled. I have gone to the Security Edge portal and disabled all that I could, but this does not prevent the DNS hijacking that's going on. I understand what Security Edge does, but it is not needed on our system, as we have our own internal firewalls and devices that manage all of our IPS/IDS.

 

Thank you for your help!
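The check in the post above, written as a repeatable probe (an added example, not part of the original post): it sends one DNS query over UDP to an address that should not be running a nameserver and reports whether a well-formed DNS response comes back. The function names are illustrative; 4.3.8.5 is the address the poster tested.

```python
import secrets
import socket
import struct

def build_query(name: str, txid: int) -> bytes:
    """Minimal DNS query: one A/IN question with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_reply(reply, txid: int) -> str:
    """Classify what came back from an address that should not speak DNS."""
    if reply is None:
        return "no-response"   # expected when nothing answers on port 53
    if len(reply) < 12:
        return "unexpected"    # shorter than a DNS header
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != txid or not flags & 0x8000:
        return "unexpected"    # wrong transaction ID or QR bit not set
    return "intercepted"       # a DNS response to our query: something on path answered

def probe(server: str, name: str = "google.com", timeout: float = 3.0) -> str:
    txid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            # connect() makes the socket accept datagrams only from server:53
            sock.connect((server, 53))
            sock.send(build_query(name, txid))
            reply = sock.recv(4096)
        except OSError:        # timeout, ICMP unreachable, no route
            reply = None
    return classify_reply(reply, txid)

if __name__ == "__main__":
    # Address taken from the post; use any address you know has no resolver.
    print("4.3.8.5:", probe("4.3.8.5"))
```

Run it from a wired host behind the gateway and again from a network without the service; a result of "intercepted" on one and "no-response" on the other isolates the interception to that connection.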

Official Employee

 • 

276 Messages

4 years ago

No problem at all. We have a dedicated team that is always here to help you on forums. Even though we have a service issue to fix I look forward to the opportunity to speak with you. I am very sorry Security Edge may be hindering your online experience. I know this must be an unnecessary obstacle and I can do my part to get the feature disabled if this is something you decide to do. Are you able to send a private message? If you can include your name, service address, and account number (or phone number) this would be perfect!  

New Contributor

 • 

6 Messages

4 years ago

PM sent. Any update?

New Contributor

 • 

6 Messages

4 years ago

I have submitted the PM again. I would really like to get Security Edge disabled ASAP, as switching the modem to bridged mode only causes it to revert back within 24 hours. This is now causing business interruptions for us as well as extra costs migrating current servers to Azure and using VPN to get things done. This wouldn't be the case if we could flip a switch in the Security Edge site to completely disable it; instead we are at the mercy of waiting for a response. This is just unacceptable.

 

Here is proof of the first PM that you say you cannot find, as well as this followup one. Maybe contact the team that manages your forum and figure out why our PMs always disappear and we have to contact multiple times. (A quick search of the forum shows it's a common occurrence.) Please get that issue fixed on your end, or give us access to direct email support instead of forcing us to use the forums or call the 800 number only to be sent to residential CSRs who mess up your account.

Screen Shot 2020-07-30 at 10.09.25 PM.png

Official Employee

 • 

276 Messages

4 years ago

I apologize, I am not seeing your private message. If you click on my name do you see an option to send a private message this way? 

Problem solver

 • 

144 Messages

4 years ago

Hi there! I'm so sorry for the delay. During this time, we are doing our very best to make sure we respond to you as soon as possible. Thanks so much for reaching out. You've absolutely reached the right place, and are in good hands. I will own this Issue for you and ensure that I provide the best help I can today. Can you please send me a private message with the last four of the account number and/or last statement balance, your full name, phone number, and service address including city, state, and zip code?

New Contributor

 • 

6 Messages

4 years ago

This is the last time I am sending that info via PM. Getting annoyed with having to send it and NOTHING getting done. It’s time to switch to Level3 fiber services instead of Comcast.

New Contributor

 • 

6 Messages

4 years ago

Hello,

 

I have not received any update since PM'ing my info to Comcast_Gina. Is there any update on this? I would like to stop paying for hosted services and host them on-site again, without Security Edge enabled.

New Contributor

 • 

1 Message

4 years ago

I also had a screaming match with Comcast over this SecurityEdge "product" that is in fact a DNS hijacking attack. The salesperson promised it could be turned off completely through the Comcast portal, but this was a lie; it cannot be disabled without Comcast sales removing it from your account and selling you a different package, thus dramatically increasing the price. It was sold to me originally as part of an upgrade package that was a good deal (I did not ever want SecurityEdge and the salesperson promised over the phone it could be disabled). However, when this SecurityEdge "product" caused massive issues with our network (caused traffic to fail on our network since our firewall flagged the DNS hijacking as an attack), the only solution Comcast would offer was to remove the package pricing and give me the services at full retail, thus doubling the price, even though I was getting "less" services than with the package. (Edited: Soliciting)

New Contributor

 • 

3 Messages

The same thing happened to me. They assured me that I *had* to upgrade my modem to get my new and improved speeds. Now they're breaking DNSSEC, returning false results from IP addresses that aren't even real, and basically breaking my Internet connection.

Waiting for AT&T Fiber to come out. I'm done with Comcast [Edited: "Language"].

(edited)

Official Employee

 • 

29 Messages

Hello Stian, Did you upgrade your personal device or to a new Xfinity gateway? Appreciate you sharing this information and getting us in the loop to help. 

Problem solver

 • 

144 Messages

4 years ago

Hi there! I'm so sorry for the delay. During this time we have a need for increased support, but we are doing our very best to make sure we respond to you as soon as possible. Thanks so much for reaching out. You've absolutely reached the right place, and are in good hands. I will own this issue for you and ensure that I provide the best help I can today. All I need is your full name, account number (follow link https://comca.st/2QR7eHu, account number is at the top right) and address including city, state, and zip code exactly how it reflects on the bill, and I can help you with whatever questions or concerns you may have.

Contributor

 • 

23 Messages

4 years ago

PDX_LabCoat

Were you ever successful getting that DNS hijacking turned off by support?

New Contributor

 • 

15 Messages

4 years ago

I just got the 300/30 package that includes "Security Edge". I was able to disable the web filters in the dashboard.

lac@heron:~$ nslookup google.com 4.3.8.5
;; connection timed out; no servers could be reached

 

Contributor

 • 

23 Messages

3 years ago

I wish it was really that easy... had to work a failover this weekend and was unable to bring the business applications onto my Comcast servers as Edge is still blocking my local DNS servers from downloading zones and accessing information needed at the root level servers...

mgc@infra:~$ nslookup google.com 4.3.8.5
Server:         4.3.8.5
Address:        4.3.8.5#53

Non-authoritative answer:
Name:   google.com
Address: 172.217.12.206
Name:   google.com
Address: 2607:f8b0:4006:808::200e

I have had webfilter turned off since day 1... 

New Contributor

 • 

5 Messages

3 years ago

After MULTIPLE calls to Comcast and several CR, Security Edge is STILL not completely disabled.  I do NOT want Comcast doing deep packet inspection of our traffic.  We also run our own DNS system on our own servers.  So...

HOW DO WE GET SECURITY EDGE 100% DISABLED????

Trusted Forum Contributor

 • 

57 Messages

Hello there, @netwiz100. Most of the settings to control/manage Security Edge are built into the web portal. If you are still having issues after disabling all of that, please reach out to us via PM with your name and address.

 

To send a private message, please click on the chat icon on the top right next to the bell. Please make sure to send the message to our singular handle "Comcast Business" and we will get back to you ASAP.

I no longer work for Comcast.

Visitor

 • 

1 Message

The only way I have found to work "around" the DNS hijacking Comcast is doing is by setting up my own internal DNS resolver and then having it do DNS over TLS to Cloudflare and a few others that support it. At that point, Comcast can't do deep packet inspection and they let the traffic pass. Problem mostly solved. I say mostly, because we still get occasions when we have pages time out like we did before the DNS over TLS solution, but that is only a few times a week and a refresh usually clears it up.

New Contributor

 • 

5 Messages

3 years ago

Even though their Security Edge is "Off" on our system, it is still blocking "Phishing" attacks. We do NOT want this service. We have our own network security, and I cannot allow exceptions in their system for items that are misclassified. COMCAST: This system is BROKEN!

Official Employee

 • 

31 Messages

@TMain - Thank you for replying with your concerns! I know how important it is to maintain the level of service you need, and we definitely want to help however we can. As the other thread you've located states, you can disable a lot of the features via the Security Edge web portal, but fully disabling it all the way would require the service to be removed from your account. If this is what you would like to do, you would need to contact our Comcast Business phone support team at 1(800)391-3000. And here are other ways to Contact Us. This team would be able to assist with repackaging your account to no longer include security edge.

New Contributor

 • 

5 Messages

3 years ago

According to Comcast 2nd Level support, Security Edge on/off only affects connections via the built-in WiFi. If you are connecting via ethernet on the back of the modem, it is not active at all.

If this is still true, the answer is to either use a switch and ethernet cabling to connect, or plug your own WiFi router into the back of the Comcast modem.

New Contributor

 • 

5 Messages

@netwiz100

This is not true.  Our entire network is hard line.  We do not use WiFi.  

New Contributor

 • 

12 Messages

@netwiz100​ 

Not true.
I always disable WiFi on the Comcast Business router and it still keeps intercepting my DNS caching server, and on my web login page for my account it gives me a circle with a red "x" if I try to turn it off completely.