Reproduction steps: Add domain.tld (askmrrobot.com) to "Trusted addresses" list to exempt it from being decrypted.
Actual result: Kaspersky script is still added to the web-site. The only way to make this work is to add "www." or "*." to the domain exception. Since the "Trusted addresses" dialog specifically lists "example.com" as legitimate format I assume this to be a bug.
Curiously I also reported this to support for KIS where the same happens and just got told that this was "by design"?! To make things worse with KIS you cannot use the "*." workaround (invalid format error), so for KES we at least have some way to exclude a whole domain.
Expected Result: Whole domain, including all sub-domains, should be excluded from decryption.
These are screenshot using KIS, but the same applies to KES: