I didn't get the chance to reply before you answered it for yourself: yes, my findings are that Probe Bypass does not help with technical issues and brings many problems with the HUGE number of sites and services requiring SNI to work.
I don't think I've allowed WhatsApp on any networks with HTTPS inspection enabled, as it's mostly for smartphones and my personal approach to those is (with a very few exceptions) to have a separate 'insecure' zone or 'dirtynet' for them, away from the corporate network. I'll have a play with it in my lab and see if I can make it work with HTTPS inspection enabled. At a guess, I reckon it will need an override because it is an encrypted client-server application and so *should* be using a sticky certificate at the very least, if not a full public/private key certification, to defend itself against man-in-the-middle attacks. We'll see...
I do know that Check Point have continued to put in a lot of work on this at every Jumbo hotfix, and indeed there has been a lot more done in R80.20, which was recently released. You have not mentioned in your post the version and Jumbo level you are running at your gateway(s). If you are not on the very latest Jumbo, I would absolutely say that is your first priority, and then if you are able to go to R80.10 at least, and R80.20 if possible, then that would be the next move.
I am yet to deploy an R80.20 in a live environment but it won't be very long.
To your last point: no, the SNI problem affects the very initial connection and will break an SNI-based site. Even if you attempt a bypass by FQDN or wildcard, it makes no difference. It's that catch-22 style issue: it needs to inspect the initial connection to see the FQDN to then see if that has an exception, by which time it is too late and the connection is 'broken'. Check Point have stated that they will not just 'trust' the URL requested in the as this has security implications (and it most assuredly does), but they have previously said that they might be working on extracting the URL from the certificate and including a way to make this reliable and secure. There's always the wildcard certificate problem to make that more complex as well.
Check Point continue to evolve this technology and they really are getting better at every turn, but it's still not 100% perfect.
Ultimately, in my opinion, while Check Point have achieved an excellent solution under difficult global circumstances, total perfection is not achievable with the Internet as it is and that the currently mooted possibility of HTML6 having an API into which a corporate gateway can connect for in-stream decryption purposes. You can imagine how divided the internet community is on that one!