The Violation count for a Defender user will increase when the token response has been rejected. In the DSS log you will see, e.g.:
(Radius response: Authentication Rejected (Invalid response))
The user receives an access denied message when this occurs. But this will only take place when the number of Logon Attempts, as defined in the applied Defender policy, has been reached.
Please refer to the Configuration Guide for more information regarding the Security Policy Configuration