It appears I spoke a bit early as I discovered that after applying your suggestion Bullet Proof Pro is still blocking parts of Visual Composer to work. To actually use the composer I have to disable the htaccess files. The latest log is the following:
[403 GET / HEAD Request: September 29, 2015 7:22 am]
Event Code: PFWR-PSBR-HPR
Solution: http://forum.ait-pro.com/forums/topic/security-log-event-codes/
REMOTE_ADDR: 50.67.13.228
Host Name: S0106e88d285787d7.vc.shawcable.net
SERVER_PROTOCOL: HTTP/1.1
HTTP_CLIENT_IP:
HTTP_FORWARDED:
HTTP_X_FORWARDED_FOR:
HTTP_X_CLUSTER_CLIENT_IP:
REQUEST_METHOD: GET
HTTP_REFERER: http://mydomain.com/wp-admin/post.php?post=1199&action=edit
REQUEST_URI: /wp-content/plugins/js_composer/assets/js/params/all.js?_=1443510688625
QUERY_STRING:
HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:41.0) Gecko/20100101 Firefox/41.0