Hi, I got the same problem where Qualys flags ESA as being vulnerable to CRIME on SMTP port 25.
According to your response, you mentioned securing the admin's browser. However, isn't this a problem with the SMTP server, instead of the web interface...