* Data leaks are not prevented by MITM attack. A sufficiently determined data leaker will easily find easier or elaborate ways to circumvent it. * Malware scanning can be done very efficiently at the end user workstation. ( But always done inefficiently ) * How domain blocking requires a MITM? * C2 scanning can efficiently done at the end user workstation. * Audits does not require "full contents of communication"

Is MITM ever the answer?

Stealing a valid communication channel and identity theft of remote servers is in fact break basic internet security practices.