Performance Impact Due to Certificate Validation Checks

Article ID: 286526

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Events similar to: Excessive certificate validation Time[5min 1sec] 
  • Extremely slow Agent initialization due to certificate validation failure
  • High CPU utilization by the Parity.exe process

Environment

  • App Control Agent: All Supported Versions
  • App Control Console: All Supported Versions

Cause

An Agent running in an air-gapped (or otherwise Internet-limited) environment encounters certificate validation failures, which in turn delay the initialization process or degrade endpoint performance.

Resolution

Additional Information

  • Checking certificates requires that queries be run over the Internet. In an offline environment, online revocation checking will never succeed.
  • Online OCSP requests to check for revocation, while resource-intensive, are a critical piece that ensures the Agent has the most up-to-date validity information regarding the certificate in question.
  • If a certificate is compromised and revoked by its author, it is critical that Agents are notified of this change in trust. Without that notification, new malicious files signed by the compromised certificate could be Approved.
  • For an air-gapped environment, it is recommended to set up PKI such that Agents can trust the locally cached information on the endpoint, or to funnel requests through a network product that can do the caching and revocation checking on behalf of the endpoint without leaving the local network.
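
To confirm on an affected endpoint that unreachable revocation endpoints are the source of the delay, the following added example (not Carbon Black code, and not the Agent's internal validation logic) builds the certificate chain of a signed file twice with the Windows chain engine: once with online revocation checking and once using only locally cached revocation data. The script parameters `$Path` and `$TimeoutSeconds` and the helper name `Test-Revocation` are assumptions made for this illustration.

```powershell
# Added diagnostic example: compares chain validation of a signed file's
# certificate with online vs. cache-only revocation checking.
param(
    [Parameter(Mandatory)][string]$Path,   # any Authenticode-signed file (assumed input)
    [int]$TimeoutSeconds = 15              # assumed cap on online revocation retrieval
)

function Test-Revocation {   # hypothetical helper name
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]$Mode,
        [int]$TimeoutSeconds
    )
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = $Mode
    $chain.ChainPolicy.RevocationFlag =
        [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds($TimeoutSeconds)

    # Time the chain build; a long Online build points at unreachable CRL/OCSP URLs.
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    $valid = $chain.Build($Certificate)
    $timer.Stop()

    [pscustomobject]@{
        Mode        = $Mode
        ChainValid  = $valid
        Seconds     = [math]::Round($timer.Elapsed.TotalSeconds, 1)
        # RevocationStatusUnknown / OfflineRevocation: no revocation data was available
        ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
    $chain.Reset()
}

$sig = Get-AuthenticodeSignature -FilePath $Path
if (-not $sig.SignerCertificate) { throw "No Authenticode signer certificate found in $Path" }

# Online: may contact CRL/OCSP endpoints. Offline: uses only locally cached data.
foreach ($mode in 'Online', 'Offline') {
    Test-Revocation -Certificate $sig.SignerCertificate -Mode $mode -TimeoutSeconds $TimeoutSeconds
}
```

A long `Seconds` value in Online mode together with `RevocationStatusUnknown` or `OfflineRevocation` in `ChainStatus` indicates the endpoint cannot reach revocation data. If Offline mode also reports these flags, no usable revocation information is cached locally either.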