Unfortunately the machines that get infected are not fully controlled by us but they get networking and internet from us (space rental in the building), so we isolate them as much as possible and we black hole all the bad traffic on the router level.
Our machines all have EDR and strict security policies. Not much gets past that.
We are seeing on our corporate network lots of browser hikackers that connect to c&c and are used in botnet DDOS as a service. Once you install x software it sets up a persistent service that keeps modding chrome.exe etc
Firewalling the .exe that you installed does nothing to stop the calls to c&c
I saw the issue you raised for this, good job
I don't hold it against them. They have their hands full at the moment with DDOS attacks. The admins are barely able to keep the place running. The beauty of federation is that we can pick and choose where to sail from.