A lot of endpoint protection products rely on SNI sniffing. E.g. Apple's network extensions filters look at TLS handshakes.
Then they would drop the connection with esni
Then they would drop the connection with esni