Symantec DLP does work in both bridge and tunnel mode.
We don’t support HTTPS in an explicit forward proxy configuration because ISA can’t play man-in-the-middle for SSL in that specific configuration.
However, if the bridging configuration works for a reverse proxy such as OWA via SSL, then this should be transparent to us, and we will be able to inspect HTTPS traffic because Prevent would inspect the unencrypted traffic. At that point, any issues would be considered an ISA configuration issue that may need to be reviewed by the ISA administrator.
Microsoft's own documentation states that in addition to "tunnel mode" the ISA server can be operated in "bridge mode," in which case it operates much as a supported ICAP proxy does, with two separate encrypted streams from browser to proxy and from proxy to website.
Microsoft references regarding the different ISA operating modes: