Interesting! So is it correct to say that the machines have no direct route to the internet without the system proxy? In my experience it will attempt to use WinHTTP, but if there’s no definition there the traffic should go direct. I guess if it looks for WinHTTP, finds nothing, and then attempts to go direct with no route this would indeed fail.
Setting a WinHTTP proxy might work, but I guess it could cause some slowness, as traffic would need to be touched first by WinHTTP and then by Z App.
Are you using Tunnel with Local Proxy? You could also try Tunnel mode, as in this mode we just explicitly get web traffic without the need for the system proxy.
Additionally, you can disable this NLA checking process in Windows (though I understand this might not be desirable).