A rule is activated on its "Valid from" date. After activation, it automates the exception process for vulnerable items (VIs).

The exception rule follows this life cycle:

1. The new vulnerable items (VIs) that you create or reopen, and that meet the specified condition, are deferred. If you enable the Execute on existing data option when you run the exception rule for the first time, all the active and non-deferred VIs that match the exception rule condition are moved to the newly created remediation task (RT) and its state is changed to Deferred.
2. If a newly created VI matches the exception rule condition, it is moved to the deferred RT that is associated with the rule and the group rule is not run on it.
3. On the "Valid from" date, existing VIs are added if you enable the Execute on existing data option.
4. The RT stops accepting new VIs when the rule expires on the "Valid to" date. The RT remains in existence until the "Deferred until" date.
5. The exception rule expires on the "Valid to" date.