Well done on figuring out what the issue/problem was!
I generally use 705 folder permissions on my sites and in some special cases 700 folder permissions. I have never tried 701 folder permissions before, but will look into that.
The cURL Scan results will show the literal plugin script path. It is recommended that you always choose to use RegEx code (.*) so that in cases where a plugin script name or version number changes with each new plugin update then the Plugin Firewall whitelist rule will still whitelist that plugin script even if the exact literal name has changed.
The next version of BPS Pro will focus on increased Plugin Firewall automation. The goal is to have a check that automatically detects when a new plugin script needs to be added to the Plugin Firewall whitelist text area and display a message such as this example message: “Plugin Firewall whitelist rule: X needs to copied and pasted to the Plugin Firewall Whitelist Text area…”. This will eliminate the clunky step of having to manually rescan for new plugin scripts when a plugin is installed. We are not 100% sure what should happen with the New Plugin installed Dismiss Notice when a new plugin is installed. ie whether to keep as extra insurance or change the displayed message or just get rid of it altogether.