Someone important suggested this get posted somewhere so that anyone else experiencing check_http socket timeout problems with client/servers running Microsoft System Center 2012 Endpoint Protection would have a clue as to what could be causing issues:
If you’re receiving strange/unexpected timeouts from the check_http plug-in when running it against a server using Microsoft System Center 2012 Endpoint Protection, the Network Inspection Service may be blocking your check attempt.
Don’t bother trying to force an agent string or any other weird options; either switch to header-checks-only [no body] using the -N option with check_http, or disable your Network Inspection service entirely (not recommended). I couldn’t locate granular settings for the Network Inspection service included with Endpoint protection 2012, though I saw references to promising settings included in 2010 [applied/managed via GPOs and custom ADMX Administrative Templates].
I haven’t had time to troubleshoot this problem further, but I’m likely to encounter it again when I need layer-7 string checks for hosts using Endpoint Protection 2012 with NIS enabled.