You want them to only access the company site? Can you get the site on a non-standard port and block 80 at the firewall?

Not exactly, I have no issue with browsing.

What I want to do is essentially wrap the company site in its own program to try and make it more secure.

(this will probably never happen, but because I've seen two separate users have issues where something has been injected into our main system I think it is worth suggesting if there is a solution).

If that's what you want to do you could maybe use something like Electron and just build an app that does nothing but point to that one website. Electron is essentially webkit as a platform for building desktop apps on and I'd imagine that getting it to point to a single website would be the simplest app you could make.

 

OK, you lost me. We've had issues with javascripts 'injected' on to clients' web pages, but that has to do with the server security (lack thereof), not the browser (though if you prevented them from running javascripts, then they wouldn't actually be able to do SFA so um... nevermind).

Typical attack progression: malwares pay load dropper roots your box then deploys initial payload which is ad injection, or click fraud agents , after a day or so the machine gets sold on and the data exfiltraton is turned on and your data starts moving out the building, once that's complete or they get bored you end up with the nastiest of all the ramsomeware package, you've probably already done a full deep scan, I'd recommend a second with an alternate AV as the payload dropper looks to see which AV your running and drops malware that isn't detected.
HTH