Forum Discussion
Policy building for multiple VS's
Hi All,
I created a security policy to be automatically built with an enforcement readiness period of 7 days. I applied the policy to a VS. The policy is still building.
My question is: after the policy is built and starts blocking for the VS, if I later apply the same policy to a second, different VS, will the learning/staging process start again for the new VS, or will it just start blocking without the learning for the new VS?
In my situation, the first VS could be a test site and the second VS the production site of the same application; it could also be that the second VS is a completely different application. Would that make any difference?
Thank you in advance.
Frank
2 Replies
- Erik_Novak
Employee
The blocking action will only occur on those violations which are enforced after the enforcement readiness period expires. Think attack signatures, and any specific entity learning (parameters, file types, etc.) for which learning is enabled. During the enforcement readiness period, attack signatures are in staging. They won't be enforced until the period expires and no violations have been seen. Those violations are related to the application. If you export that policy to a new virtual server, but the application is different, then all of the learning done by that policy is meaningless because the app is different. In the case of a new/different application, start with a new policy. If the app is the same, then the policy would pick up where it left off in terms of learning. But do not forget that the automatic policy is in blocking mode by default. This means that enforcement of attack signatures and/or other entities can result in false positives if anything changes on the application. Make sense?
- Erik_Novak
Employee
Yes. The policy rules still apply. The only danger is that the app has changed in the interim, or there are other settings (profiles, iRules, etc.) on the new VS which would make the interaction between clients and the VS different. What you are describing however is actually a recommended approach to automatic policy building: Start with safe traffic, from a trusted IP address--meaning a source that you know, which does not and will not send bad traffic. If ASM builds the policy using known, good traffic, and you know the application is stable, then that "good" policy can be placed into production.