An HP vb script is executing the following command line every time and it is causing a lot of outbound traffic.
The congestion in the firewall gets even worse during this transaction because it is being denied.
C:\Windows\System32\cscript //Nologo "C:\Program Files\HP OpenView\bin\win64\OpC\opcagtw.vbs" -type –verbose
Delay can happen during certificate validation.
After CryptoAPI starts validating the individual certificates in the presented certificate chain(s), the following checks are performed:
1. CryptoAPI determines whether the certificate is included in the Untrusted certificate store. All certificates in the Untrusted certificate store are explicitly designated as disallowed certificates.
2. If the certificate included a stapled OCSP response and the stapled response is time valid, use the stapled OCSP response to valid the revocation status of the certificate.
3. If a CRL with the matching issuer name and optionally the same IDP is already in the CA store, use that version of the CRL.
4. If a stapled response or previously downloaded CRL is not available, then CryptoAPI must attempt URL retrieval to determine the revocation status of the certificate.
5. The URLs for OCSP and CDP are built in the following order:
a. OCSP URLs from Group Policy
b. OCSP URLs from the authority information access extension
c. CRL URLs from the CDP extension
On the systems where there is no internet access, the delay can equal to URL retrieval timeout set on the system.
DNS settings and network settings can also add up to the effective total retrieval time.
The removal of the signature block for both opcagtw.vbs files stops the network traffic.
This is documented in the following KCS document: http://support.openview.hp.com/selfsolve/document/KM00956568