Does this mean, the client actually checks with SCCM for new definition every 6 hours?
That depends. The Check for Endpoint Protection security intelligence settings only have value when using a source other than ConfigMgr.
If ConfigMgr is set as the source, then definitions are delivered to clients using update deployments created by your ADR(s) just like all other updates and thus follow the schedule define in these update deployments.
Does it use the Antimalware policy to check every 6 hours and install? ... OR, does it rely on the Software Updates SCAN & EVAL schedule
Neither. As noted, the 6 hours in the policy is only when non-ConfigMgr sources are configured. As for the update scan and eval cycles, these do not trigger update installation as that's not how updates work. Whatever deadline is configured in the update deployment is when the updates, definitions in this case, are installed.