Normally Endpoint Protection has safeguards and clever algorithms which detect how much memory and CPU is needed for normal operations.
In general, if there are resources Endpoint Protection engine will use them, Also a major factor in resource consumption is what is currently happening on the system. On access scan engine will try to scan all modified files on the system in order to protect it. Also if a scan is running at the time then the consumption goes up.
Also, The app is build to make sure it will not impact performance so If there are resources it will use them if the system is low on resources it will stop some threads in order to make sure the system is not affected and the user can work.
Usually, after 1-2 weeks of usage, the application will know the system already and it should not use resources which could affect the user activities or impact other more important apps to run in the background.