There can be multiple learn modes, each one learning from an individual IP address range or object:

In the above example, computers with an IP address in the range -, as well as any user, group or computer object that's a member of the group "cert publishers" are in learn mode.

"Valid for"
Usually - and this is strongly encouraged - "valid for" should remain set to "". The network range "" includes all IP addresses and therefore represents an alias for "all computers". This means that all new hashes added in learn mode will be allowed for everybody ("allow" rules are valid for "").

You can, however, set "valid for" to something different. New hashes learned in learn mode are then added to the whitelist with "Allow" rules that are valid only for the object you selected here. This can effectively be used to create a blacklist, because programs already listed in the whitelist will not be learned if a learn mode is used later. If "valid for" is set to something invalid, the learned program will not be allowed for anybody, and it will also not be added when learn mode is turned on. This is effectively a permanent blacklist.
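The scoping behaviour described above can be checked with a small model. This is an added example, not the product's own code. The `Whitelist` class, the hash labels and the IP ranges are constructed assumptions, and unknown hashes are assumed to be denied by default.

```python
import ipaddress

# Constructed stand-in for a "valid for" range that covers all computers.
ALL = ipaddress.ip_network("0.0.0.0/0")

class Whitelist:
    """Simplified model: one Allow rule per hash, scoped by "valid for"."""

    def __init__(self):
        # hash -> scope (an ip_network, or None for an invalid "valid for")
        self.rules = {}

    def learn(self, file_hash, valid_for):
        """Learn mode: add an Allow rule only if the hash is not listed yet."""
        if file_hash in self.rules:
            return False  # already listed, so it is not learned
        self.rules[file_hash] = valid_for
        return True

    def is_allowed(self, file_hash, client_ip):
        """Allow only if a rule exists and the client falls inside its scope."""
        if file_hash not in self.rules:
            return False  # assumption: whitelist is default-deny
        scope = self.rules[file_hash]
        if scope is None:
            return False  # invalid scope matches nobody
        return ipaddress.ip_address(client_ip) in scope

def demo():
    wl = Whitelist()
    admins = ipaddress.ip_network("10.0.5.0/24")  # constructed range
    wl.learn("HASH_A", ALL)      # recommended: allowed for everybody
    wl.learn("HASH_B", admins)   # scoped: allowed for one range only
    wl.learn("HASH_C", None)     # invalid "valid for": allowed for nobody
    return {
        "a_anywhere": wl.is_allowed("HASH_A", "192.168.1.20"),
        "b_inside_scope": wl.is_allowed("HASH_B", "10.0.5.7"),
        "b_outside_scope": wl.is_allowed("HASH_B", "192.168.1.20"),
        # A later learn mode with the all-computers range does not widen the rules.
        "b_relearned": wl.learn("HASH_B", ALL),
        "c_relearned": wl.learn("HASH_C", ALL),
        "c_after_relearn": wl.is_allowed("HASH_C", "10.0.5.7"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

When auditing a whitelist, entries whose scope is narrower than all computers (or invalid) are the ones that behave as blacklist entries for everyone else, since a later learn mode will not replace them.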