There's should be no need to add the HTTPS service on these rules, so I would suggest just using application elements in Service cell. Note also following from documentation:
If Server Credentials or a Client Protection Certificate Authority have been uploaded to the engine, adding an Application that allows or requires the use of TLS to an Access rule may enable the decryption of the following TLS traffic: TLS traffic from Applications that cannot be identified based on cached Application information, TLS traffic that matches an Access rule that enables Deep Inspection if the Service cell contains an Application or a Service that does not include a Protocol Agent, and TLS traffic for which there is no TLS Match with the Deny Decrypting option that excludes the traffic from TLS Inspection.
Do I understand correctly that with 15.6 rule you are able to block two applications, but Facebook applications on 15.5 rule fail. In that case most likely reason is communication to use SPDY protocol which is extension to HTTPS. NGFW 5.7 is not able to decrypt SPDY and thus Facebook detailed applications could not work. Generic Facebook application that is based on TLS match works still even with SPDY.
You could test whether it is question of this by disabling SPDY on your browser.