Interesting problem. SiteLock is scanning for things that BPS security rules are blocking. So SiteLock is being blocked the same way a hacker would be blocked that was doing these exact same scans on your website looking for vulnerabilities/exploits. So instead of trying to create any sort of whitelisting rules for this, I think the simplest solution is just to ignore/not log any SiteLock Security Log entries.
To ignore/not log SiteLockSpider Bot log entries do these steps:
1. Go to the Security Log page.
2. Copy the SiteLockSpider Bot/User Agent name: SiteLockSpider into the Add User Agents|Bots to Ignore|Not Log text box.
3. Click the Add|Ignore button.