Yes that's more or less it. It doesn't matter what the trigger is, it is scanning your system's files whilst you are trying to use the system, and soaking up resources in the process.

it continuously scans files in a cycle to check if anything hasn't come in
I really don't see any great value in that. After all, if something has infected you it has already bypassed your interactive scan, and if it does find something you would be well advised to perform a thorough on demand scan in safe mode anyway?

I can see a sort of logic in it, insofar as if the AV regularly updates the pattern files then a subsequently (to the infection) identified malware will be detected. For this to be effective you need to allow updates on a very regular basis. and you really need an environment that justifies it, which I don't think applies to most home users?............. not to the ones I deal with at any rate