maxgerhardt, you did it! 
I am using Microsoft Defender within a Private Network. When I switch the firewall off, the OTA-upload works perfectly. So we have a usable workaround. But indeed I would not want to switch off the firewall permanently, and doing so each time I want to upload OTA is a bit cumbersome.
And now we are getting a bit off-topic, i.e. off-platformio, but I do esteem your support even more:
It is an ESP32-WROOM-32D, 1st generation with 4MB flash IIRC.
Yes, it does with these settings:
