Yes, they are.
But I just did the test to change network of the 64bits one, switching from ADSL box to my smartphone configured as access point : same behaviour.
About WinHttp, I just had a look on it on docs.microsoft.com.... in which they are talking a lot about Win XP, Win XP SP2, etc... but not even a line about Win 7 or Win 10. Isn't it a deprecated tool ?
Moreover, I read that :
The following features were added in version 5.1 of WinHTTP:
...
Secure Sockets Layer (SSL) functionality, including client certificates. Supported SSL protocols include the following: SSL 2.0, SSL 3.0, and Transport Layer Security (TLS) 1.0.
...
And, indeed, what I read about "SChannel fatal error 40 en 70" (the errors raised in Eventlog) is that they are linked to TLS 1.0...
Maybe a "piste à creuser" (sorry for other readers than Jean, but I don't know the similar expression in english...)
I've found something really interresting....
Please have a look onto
https://support.microsoft.com/en-us/help...cols-in-wi
I'm not sure to understand everything (more exact : I'm sure to DO NOT understand everything

), but I've been particularily interrested in the paragraph "How the DefaultSecureProtocols registry entry works"
And I have created the (new, didn't exist before) value
DefaultSecureProtocols in registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp (and HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp on 64b laptop) and set its value to x800 (ie. enable TLS 1.2 by default).....
and BINGO ! QAP version checking works !

No more errors in Eventlog, and 9.4.1.1 no more supposed to be up to date
I don't know what you have to do to avoid that other users have to update manually, as I did, their registry, but I'm confident that a detailed reading of support.microsoft.com/en-us/help/3140245 will give you the answer.
In the mean time, I revert my updates, waiting for the final solution you will provide.
Bonne lecture, et bon courage !