It's really only a problem because there isn't much data inside ERA. For example--we're having an issue now (ticket submitted) where ESET is blocking Infopath forms. We have no idea what's causing it, and no triggers or alerts are being generated, but because I turned something on it's being blocked.
Some things that would be helpful are "best practice" standard policies that explain what the different settings do and what they're for. In absence of that, my goal would be that any action ESET takes be logged to ERA somehow so I could track what's going on centrally and adjust accordingly.
It's nice to see you guys taking the time to read these! Thanks.