BPS does not block any good/legitimate bots from doing what they do. What happens a lot of the time is that a bot script is doing several different things and one of those things in the script triggers a 403 error. When Security/HTTP Error logging was added to BPS a lot of folks started thinking that BPS was blocking good/legitimate bots. For years BPS has not blocked any good/legitimate bots and nothing has changed about that in BPS.
Another thing that can trigger 403 errors is how a particular plugin is handling image files. Example: If you have a plugin that is doing something additional with image files - thumbnailing them or lightboxing them then however the plugin is doing that can trigger a 403 error, but the important thing to note is that in most cases everything still works perfectly fine, but a nuisance 403 error is being logged. In most cases you can choose to ignore these errors. If on the otherhand something is actually not working correctly then creating a whitelist rule is what should be done to solve the issue/problem.
There are 2 approaches/methods that can be used to resolve excessive Security/HTTP Error logging.
Ignore logging approach...
See this Forum Topic link below for details on how to use either of these approaches/methods.