Prevent customer from uploading a malicious file via an Upload Form

  • #33237
    Samir
    Participant

    Hi

    We have a WordPress website that allows customers to upload pictures (e.g. jpg, png) and may allow uploading videos as well.

    Does the plugin perform any sort of live scanning of the uploaded files that can protect the website against the threat of a customer uploading a virus or malicious code?

    I think the “Uploads Anti-Exploit Guard (UAEG)” feature does a similar thing, but I am not sure if its scanning is live, periodic or manual. I also need to know what it will do if it detects malicious code.

    Thanks in advance

    #33238
    AITpro Admin
    Keymaster

    BPS and all other WP Security plugins do not interfere with other Plugins or Themes Upload Forms or anything else that is seen as normal functionality in other Plugins or Themes.  If a Plugin or Theme has an Upload Form then the Upload Form code itself should have sanitization and validation security code to only allow certain file types to be uploaded using that Plugin or Theme Upload Form.  So as long as your Plugin or Theme Upload Form does not allow .php files or other executable file types to be uploaded then you do not need to worry about files after they are uploaded to your website.

    Regarding scanners/scanning for malicious code or files, all malicious code scanners can only detect obvious malicious code patterns and are not capable of detecting that a file is a hacker file if the file does not contain any obvious malicious code patterns.  Currently BPS does not have a malicious code scanner for that reason, but we will be adding a malicious code/file scanner later to BPS.  Note: A scanner should only be used as confirmation that your site is already hacked.  Some plugins with malicious code/file scanners claim to be able to detect and remove all hacker files, which is simply not possible to do since some hacker files are intentionally created to not be detected by any/all scanners since they do not contain any obvious malicious code.

    BPS Pro UAEG blocks executable file types from being accessible or executed in your WordPress /uploads folder.  So if a hacker did somehow upload a hacker file to your WordPress /uploads folder then the hacker file would be useless to the hacker since that hacker would not be able to view, process, access or execute the uploaded hacker file in your WordPress /uploads folder.
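
The following is an added example, not part of the original posts and not BPS or WordPress code. It shows the kind of allowlist validation the reply above says an Upload Form's own handler should perform, in plain PHP; the function name `validate_image_upload`, the `ALLOWED_TYPES` allowlist and the sample files are assumptions constructed for illustration.

```php
<?php
// Added example: function name and allowlist are assumptions, not BPS or WordPress code.
const ALLOWED_TYPES = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png'];

function validate_image_upload(string $tmp_path, string $client_name): array
{
    // 1. Allowlist on the final extension; anything not listed (.php, .phtml, ...) is refused.
    $ext = strtolower(pathinfo($client_name, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return ['ok' => false, 'reason' => 'extension not allowed'];
    }
    // 2. Detect the type from the file's bytes, never from the client-sent Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp_path);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        return ['ok' => false, 'reason' => "content is $mime, expected " . ALLOWED_TYPES[$ext]];
    }
    // 3. Store under a server-generated name so a name like "x.php.png" never reaches disk.
    return ['ok' => true, 'stored_name' => bin2hex(random_bytes(16)) . '.' . $ext];
}

// Constructed sample inputs: a PNG header and a script renamed to look like a picture.
$png = "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR" . pack('N2', 1, 1) . "\x08\x02\x00\x00\x00";
$script = "<?php echo 'not an image';";
$samples = [
    ['holiday.png',    $png],     // accepted
    ['avatar.php.png', $png],     // accepted, but stored under a generated .png name
    ['photo.jpg',      $script],  // rejected: bytes are not a JPEG
    ['tool.php',       $script],  // rejected: extension not on the allowlist
];
foreach ($samples as [$name, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    echo $name, ' => ', json_encode(validate_image_upload($tmp, $name)), PHP_EOL;
    unlink($tmp);
}
```

A file can carry a valid image header together with other data and still pass a content-type check, so this validation complements, rather than replaces, keeping executable file types in the /uploads folder from being accessed or executed as the reply describes.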

    #33293
    Samir
    Participant

    Thanks a lot, AITpro, for your fast and detailed feedback.
