A SSL: CERTIFICATE_VERIFY_FAILED error is thrown to Python programs (like pip) when trying to access Internet.
The python -m pip install --upgrade pip, that allows to update pip, or any pip install <package> command throws the same error.
Python-dependent programs like streamlink have the same behaviour and need --http-no-ssl-verify or similar flag to function properly.
Adding pypi.org and files.pythonhosted.org to trusted hosts as a workaround doesn't work. What's needed is to either disable SSL/TSL protocol filtering or add python.exe and pip.exe to the List of SSL/TLS filtered application with "Ignore" as Scan action.
The reason I open this topic is that maybe, there will be a way to conciliate both and make these programs work without an input from the user. But I don't know if the change needs to be done from ESET's side or Python's side. In any situation, I hope this topic will be at least informative and helpful for users who face the same issue.
Full error from pip.exe
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)'))': /packages/1a/70/1935c770cb3be6e3a8b78ced23d7e0f3b187f5cbfab4749523ed65d7c9b1/requests-2.23.0-py2.py3-none-any.whl