In order to run a scan against a SQL server you don't have to put an agent on it. All you need to do is do an ODBC connection to the database that you are working. Read the DLP Admin Guide under Network Discover and there is a scanning db file section of things.
For SharePoint you do scan the files and not the index. You would want to scan the actual files to figure out what was actually in the file....
Yes you can restrict files by type. So you could ignore all *.VMDK files for example since they may take a long time to scan. Also if you wanted to scan the backup data to detect confidential data that would work as well. I have worked w/ several customers that have done that before. The rpboelm would be when you wanted to quarantine the file or do something via Network Protect you would want to do the protect actions on production data