New Contributor
•
6 Messages
Disable Security Edge
Hello,
I need help disabling Security Edge on my account. It hijacks DNS requests, no matter what DNS server you are using.
nslookup google.com 4.3.8.5
Server: 4.3.8.5
Address: 4.3.8.5#53

Non-authoritative answer:
Name: google.com
Address: 172.217.6.46
As you can see, 4.3.8.5 is NOT a real DNS server, but instead hijacked by the Security Edge DNS servers and resolves queries. We cannot and do NOT want this on our network. We do testing that relies on an IP actually being a nameserver, and some software requires it to fail if a device uses an invalid DNS server.
At this point, my only option is to change providers if Security Edge cannot be disabled. I have gone to the Security Edge portal and disabled all that I could, but this does not prevent the DNS hijacking that's going on. I understand what Security Edge does, but it is not needed on our system, as we have our own internal firewalls and devices that manage all of our IPS/IDS.
Thank you for your help!
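The check from the opening post, written as a repeatable probe (an added example, not part of the original thread): it sends one DNS query to an address that should not answer DNS and reports whether a well-formed reply with the matching transaction ID comes back anyway. The function names are this example's own, and the probe target is the 4.3.8.5 address the poster used.

```python
import secrets
import socket
import struct

def build_query(name, qid):
    """Encode a minimal DNS A/IN query with the recursion-desired flag set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_header(data, qid):
    """Return (rcode, answer_count) for a reply matching qid, else None."""
    if len(data) < 12:
        return None
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:  # wrong ID, or QR bit says "query"
        return None
    return flags & 0x000F, ancount

def probe(server, name="google.com", port=53, timeout=3.0):
    """Send one query to `server`; return (rcode, ancount) or None on silence."""
    qid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qid), (server, port))
            data, _peer = s.recvfrom(4096)
        except OSError:  # timeout or network unreachable
            return None
    return parse_header(data, qid)

def verdict(result):
    """Interpret a probe sent to an address that should NOT answer DNS."""
    if result is None:
        return "no reply: nothing answered on behalf of this address"
    rcode, ancount = result
    return f"reply received (rcode={rcode}, answers={ancount}): DNS is being intercepted on path"

if __name__ == "__main__":
    # 4.3.8.5 is the address from the post, which the poster states is not a DNS server.
    print(verdict(probe("4.3.8.5")))
```

A single silent probe can also be ordinary packet loss, so repeat it a few times before treating the path as clean, for example after a settings change has had time to take effect.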




user_93803f
New Contributor
•
1 Message
3 years ago
SecurityEdge is poorly implemented and an embarrassment for Comcast. Our website is blocked and Comcast has no way of removing our website from the SecurityEdge blacklist. Sometimes they tell me it's Akamai's fault, so I escalated to the Akamai account rep for Comcast and they just shook their head.
Our website didn't even have any vulnerabilities, we were doing a http redirect to our homepage that had an old javascript library. They're not blocking that website, just the one that was forwarding. And no way to remove. Who needs this kind of hamhanded security implementation? And to hijack DNS is definitely not the way to solve these kinds of problems.
netwiz100
New Contributor
•
5 Messages
3 years ago
I have always had excellent service from Comcast Business until this Security Edge garbage showed up. They are willing to remove it but only if we renegotiate a much more expensive contract.
So let's call this what it is: Comcast is almost certainly harvesting DNS lookup data and using the analytics to sell or use marketing data. We bought CC Business exactly to avoid this garbage. All we want is a fast, low latency data pipe, not Big Brother inspecting our packets. It's obnoxious.
mrshyvley
New Contributor
•
12 Messages
3 years ago
I just did a service upgrade and find the same NASTY thing.
EVEN with everything turned off that I'm allowed to (it shows me a red x when I try to turn it off completely), it's intercepting my own DNS caching nameserver and totally screwing me up.
I'll begin looking for a new provider too if I can't just have the open Internet like I had until today's upgrade.
mbroadstreet
New Contributor
•
4 Messages
3 years ago
@mrshyvley I have had this issue for years, sadly Comcast is the only business class internet I can get where I live (residential, I need the SLA agreement after having client issues from outages in the past).
I had to call customer retention (or whatever Comcast calls that department) and get them to do it.
What is most interesting in my case is that I tracked my DNS issues with a level 2 tech for about 5-6 months back in 2017/18 because it was causing me issues on a particular dev topic. A few ssh/sftp attempts and then I could see my endpoint resolve to an Akamai edge peering address, rather than MY OWN hosted resources (which I knew the address of). Even using a hardcoded IP address in my queries still resulted in the same behavior, as the automated scripts were detecting it as malware traffic.
At that time Comcast did not admit to even having Security Edge, and post Covid (when it showed up in my business control panel under my account) they did acknowledge it was used for 'testing' purposes with customers before they publicly acknowledged its existence. At the same time, it had already been documented for some time on the consumer side that they were doing ad injections using DNS requests (redirecting ads to their own internet ad network, which was noticed because ad blocking software did not have their internal ad network logged and so ads would show up when they should not have).
In any case, turning it off via the web panel is only a partial disable, and (I believe) the wifi connection is left always filtered. Calling and threatening with breach of contract due to interfering with development tools (business class internet should let business functions occur normally!) got it turned off. However it comes back on after major services and/or router changes, causing me to repeat this process every 12 months or so.
netwiz100
New Contributor
•
5 Messages
3 years ago
We are close to renewing service for our business and the inability to run a clean DNS service is so disruptive, we're thinking about terminating Comcast Business at the end of the contract and just living with consumer grade 5g. This is beyond stupid. This is "pay no attention to your customers' wishes."
This nonsense broke a complex master-slave, split horizon DNS configuration so badly we had to hand engineer around it. Why Comcast? So you could harvest our DNS lookups? It's terrible.
user_cd987d
New Contributor
•
2 Messages
3 years ago
Comcast Sales insisted on forcing their cable & Phone device on me with Edge security, I specifically told her I wanted no edge security but still got sodomized with something I did not want, so I found a simple solution. I placed a Netgear Nighthawk Router in "bridge mode" on the Comcast piece of junk, and as I did that, the Comcast Modem squawked that if I do that, it will disable Edge security! Thank you, Jesus, and now My DNS goes to 8.8.8.8 / 8.8.4.4! I own an IT support company and I won't be sharing my customer's data and info with Comcast anytime soon - a bird for you Zfinity!
netwiz100
New Contributor
•
5 Messages
3 years ago
There is now an option to disable Security Edge in your account. Just log in and look for it.
mrshyvley
New Contributor
•
12 Messages
3 years ago
In my case, when I updated my contract to a higher speed, the sales person stuck me with Security Edge, making it sound like I had no choice to take it, even though I told her clearly more than once that I didn't want it.
It messed up my network to the point of being unusable.
In the end, what I had to do was to speak with the Retention Department and have my contract re-done to NOT have Security Edge included in the contract.
I told them that I'd been with Comcast Business for over 10 years, was happy with the service, but if they insist on having this Security Edge attached to my account, I'd need to find another provider.
The gentleman I spoke with was VERY helpful and told me it wasn't required that Security Edge be included in my account, and that without it, my monthly cost would also go down a little.
We re-did my contract and everything's fine now.
(edited)
user_ea3018
New Contributor
•
1 Message
1 year ago
SecurityEdge can be temporarily disabled via Comcast Business Internet dashboard interface.
Log into Comcast Business account. Click on the 3 lines at the top left of your screen, then go to subscribed services, click on business internet, here you can manage your Security edge.
1. Access the Comcast Business Internet Dashboard.
2. Click the Cybersecurity carat to access the SecurityEdge slide out.
3. Click the toggle to Disable SecurityEdge.
Took 10 to 15 minutes for the change to take effect. Found this out while testing a DNS Filtering solution for end user devices.
Comcast_MichaelC
Administrator
•
48 Messages
17 hours ago
Closing thread due to age