If a web site ssl certificate is expired or invalid for any reason, the user should not be able the accept the risk or ignore the warning and proceed. Instead, the website should be blocked for the user. This can be done with browser policy settings of course. However, the prefered way in my company would be using the ESET Dektop Firewall setting if possible. If I got you right, this is not possible with ESET. I'm fine with that. Thanks.