“system files” here means stuff like XProtect definition updates (security responses). You most always want those to remain checked.
You can uncheck the “Download new updates” and still get what you want. So the answer to your question is yes.
I have fast internet so I always keep that unchecked — the actual update download is always much faster than the lengthy update process itself. I do see more opportunity for error if things get downloaded before I determine I actually want them. Case in point: the recent forced Sonoma update affected those who had this checked AFAIU.
I have had it that way for the longest time. I think this has been a quite common suggestion for people who want to keep tight control over their systems, without unnecessarily opening themselves up to unnecessary risk.
My Mac running Sonoma 14.2.1 just informed me, ‘New software is ready to be installed.’ When I moused over the lower right corner of the notification a (hidden) gray ‘Options’ button appeared. With a click/hold I had the option to ‘Install’ or ‘Try tonight’. When I clicked the X to close the window the update installation did NOT start. I checked System Settings>Software Update Available and found the 14.3 update had been downloaded and showed a button to ‘Update Now’. My ‘Automatic Updates’ are configured to automatically ‘Check for updates’ and ‘Install Security Responses and system files’, that is, just the first and last boxes are checked. I do NOT have enabled: ‘Download new updates when available’, ‘Install MacOS updates’, or ‘Install application updates from the App Store’. Despite this setting, the new update (14.3) did download automatically. I don’t plan to install 14.3 at this time based on some discussions here about Apple Mail problems after 14.3.
You are correct, I jumped to the conclusion that the updater had been downloaded. After searching a bit I have not found an updater in the places I looked. Maybe the ‘don’t download’ setting is being respected after all.