@mulli I use ESET NOD32 and do see a similar issue in Chrome. I do most development with Firefox, which isn’t impacted.
I just loaded Chrome and tried to open a .local site, and received the invalid cert message. I used the “disable protection” option from the NOD32 systray icon, restarted Chrome and tried the site again – same result. After re-enabling the protection, I then went into the NOD32 settings and disabled SSL filtering (per [KB3126] Disable SSL filtering in ESET Windows home products (14.x–16.x)), restarted Chrome, and the site came up as expected. I suspect that disabling protection with the systray option is not disabling SSL filtering.
I don’t see an obvious way to exclude *.local domains from SSL filtering. The “exclude communication from trusted domains” option on that settings page indicates an internal whitelist/allowlist – I don’t see an obvious way to add to that list.
I also tried exporting the Local cert and importing it – click edit on “List of known certificates” on that settings page – but the cert didn’t appear to fully import (possibly due to missing corresponding CA cert?).
You may want to ask some questions of ESET technical support to see if there are any options to exclude the .local domains, or consider the Local cert as valid (likely by a successful import).
Hope this helps.