Directory Path in Defender 'Prevent PHP Execution' not working

Directory path in Defender's Prevent PHP Execution is not working. It works for inputs like just uploads.php but not for directories like /plugins/CCSlider/includes/upload.php. But just using the file name does leave a little bit of vulnerability to the server, given that any plugin using upload.php will get through. I've tried with different directories as well. Tried the full path too - /home/trailsidemotel/public_html/wp-content/plugins/CCSlider/includes.
This restricts one of my plugins image upload option and I'd like to secure the other plugins and just allow PHP execution in this plugin only.