Hi,
Your online scanner that run on Windows, access a host name of "onlinescanner.eset.com:80" and path of "/query/chsquery.php", but the request is like:
POST hxxp://onlinescanner.eset.com/query/chsquery.php
Content-Type: multipart/form-data; boundary=------------------------[random string with timestamp]
Host: onlinescanner.eset.com:80
Content-Length: 1987
While in usual request the payload for the HTTP method (POST in this case) is the relative path from the root, using a full URL instead, which is typical for a proxy activity.
This cause web gateways/IPS systems - to flag it as proxy activity and usually block it, when proxy is prohibited as part of the security policy.
So, please change this behavior and use relative path to have a normal request, non-proxy one.
Thanks!