For instance, if I wanted to create a certain vulnerability exception for only workstations is there way I can do this based on tags?
Don't think this is possible. Use of an Option Profile and Search List (exclude) and then setting up scans for particular tags and referencing the options profile is the only workaround I can think of.
(ie, if someone scanned a workstation using a normal options profile it would still check)
You could set up remediation rules, but this would also still show the vulns in your scan report.
QID exceptions are done in an options profile object which will be used for a new scheduled or add-hoc scan. Scan objects allow the use of tags to designate targets, If you create an option profile with the desired QID exception and enunciate a tag specific for workstations on the scan job that will provide your desired functionality.
Another option you can do is to exclude the QID form the report profile, however it will be reported as excluded.
Hope this helps, thanks
Retrieving data ...