Absolutely Lost - Please Help

Copper Contributor

Dear All,


Very sorry to post this here but I don't even know where to start. I run a network on Azure/Intune and it has worked just fine for the last two years. Very recently, without anyone downloading any virus whatsoever, all 4 computers on our network periodically throughout the day have *any* website that is put into the browser redirected to a malware site instead. Intune's security is set to stop the attack and won't let users proceed, but it interrupts workflow as we have to wait about 1 minute and the problem self-corrects. Every virus scanner says not a single issue is wrong with any of the four computers. I disconnected from the hybrid AD and the problem persists. It even once appeared on my iPhone using the Google Chrome web browser. Why would a virus span across 4 Windows 11 PCs and 1 iPhone like this? I have searched and searched, to no avail. The initial redirect seems to orient to our static IP from Spectrum that was purchased when setting up the Intune network. Microsoft Security Center says everything is fine with our network but clearly that's not true. What should I do?

2 Replies

That just sounds more like a plugin in your Chrome browser that produces ads and redirects you to spam sites. Maybe you have configured a Chrome account and are roaming the settings?
What happens when just trashing the profile in your browser... resetting the whole browser's profile/deleting all the settings?

Are the devices onboarded on MDE? If yes, then I would suggest isolating them through the Defender portal and running a forensic investigation on them.