100

A developer has come across this topic and corrected me. The upgrade is in fact performed after a reboot so you can stay with the current version without a reboot as long as needed. If a newer version is released in the mean time, an upgrade to it will be performed after a reboot.

Yes:
https://help.eset.com/eis/12/en-US/idh_page_scheduler.html
https://help.eset.com/eav/12/en-US/idh_page_scheduler.html

No. We will start distributing a newer version of the cleaner module 1198 with another fix most likely within the next week.

It's available only on the pre-release update channel. This is intentional.

We don't release modules to all users at once but gradually in batches so that in case of issues we can stop the release and revert the module to mitigate the impact on users.
Modules are released as follows:
1. wave: released for QA testing
2. wave: released for internal testing on a bigger group of production machines and for beta versions
3. wave: released for users with pre-release update channel set
4. wave: released in batches gradually to all users
5. wave: released for all users.

It's detected now:

 

As far as I am aware of, you can't use certificate exclusions this way. They are use primarily to exclude a web site from being scanned.
So your statement is correct; Eset's build-in scanning exclusion list overrides everything.

If you want to filter the communication on trusted websites, e.g. facebook.com, disable the setting "Exclude communication with trusted domains" in the SSL/TLS filtering setup.