Public/Get-LGSignatureAudit.ps1

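function Get-LGSignatureAudit {
    <#
    .SYNOPSIS
        Verifies Authenticode signatures for executables of prohibited/flagged software.
    .DESCRIPTION
        Keeps the findings whose PolicyStatus is PROHIBITED or REQUIRES_LICENSE. For each,
        looks under 'C:\Program Files' and 'C:\Program Files (x86)' (at most 3 levels deep)
        for the first executable whose file name starts with the first word of the
        finding's Name, then runs Get-AuthenticodeSignature on that file.

        The executable is located by a name-prefix heuristic, so the file that gets
        checked may belong to a different product that shares the prefix. The Path
        property of each row records which file was actually verified.
    .PARAMETER PolicyFindings
        Policy findings to audit. Only the Name and PolicyStatus properties are read.
    .OUTPUTS
        PSCustomObject. One row per flagged finding with Module, Name, Status, Detail and
        ComputerName. Rows for a located executable also carry SignatureStatus, Signer and Path.
    .EXAMPLE
        $policy = Invoke-LGPolicyCheck -PolicyPath .\lg-policy.json
        Get-LGSignatureAudit -PolicyFindings $policy
    #>

    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [PSCustomObject[]]$PolicyFindings
    )

    $L = Get-LGEffectiveStrings
    Write-LGHeader $L['hdrSignature']

    $toCheck = @($PolicyFindings | Where-Object { $_.PolicyStatus -in @('PROHIBITED','REQUIRES_LICENSE') })
    if (-not $toCheck) {
        Write-LGStatus 'Signature check' 'Nothing to verify' 'OK'
        return @()
    }

    $rows = [System.Collections.Generic.List[PSCustomObject]]::new()
    foreach ($sw in $toCheck) {
        # First non-empty token of the product name. An empty keyword would turn the
        # filter into '*.exe' and attribute an arbitrary executable to this finding,
        # so such findings are reported as "not found" instead.
        $keyword = ([string]$sw.Name) -split '[\s\-_]+' | Where-Object { $_ } | Select-Object -First 1
        $exe     = $null
        if ($keyword) {
            $exe = Get-ChildItem 'C:\Program Files','C:\Program Files (x86)' `
                       -Filter "$keyword*.exe" -Recurse -Depth 3 `
                       -ErrorAction SilentlyContinue | Select-Object -First 1
        }
        if ($exe) {
            $sig    = Get-AuthenticodeSignature $exe.FullName
            # NOTE(review): every status other than Valid/NotSigned (HashMismatch, NotTrusted,
            # UnknownError, ...) is labelled 'EXPIRED' here. A HashMismatch means the file was
            # altered after signing, which is not an expiry; the label is kept because the set
            # of values Write-LGStatus accepts is not visible from this file. Consumers should
            # read SignatureStatus for the real result.
            $status = switch ($sig.Status) { 'Valid' { 'OK' } 'NotSigned' { 'WARN' } default { 'EXPIRED' } }
            $subj   = 'Unsigned'
            if ($sig.SignerCertificate) {
                # Let the certificate API extract the name: splitting the subject string on ','
                # truncates quoted common names such as CN="Example, Inc.".
                $subj = $sig.SignerCertificate.GetNameInfo(
                    [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
                if (-not $subj) { $subj = $sig.SignerCertificate.Subject }
            }
            Write-LGStatus $sw.Name "$($sig.Status) -- $subj" $status
            $rows.Add([PSCustomObject]@{
                Module    = 'Signature'; Name = $sw.Name; Status = $status
                Detail    = "$($sig.Status): $subj"; SignatureStatus = $sig.Status
                Signer    = $subj; ComputerName = $env:COMPUTERNAME
                # Which file the verdict applies to, so a prefix mis-match can be spotted.
                Path      = $exe.FullName
            })
        } else {
            $rows.Add([PSCustomObject]@{
                Module = 'Signature'; Name = $sw.Name; Status = 'WARN'
                Detail = 'Executable not found'; ComputerName = $env:COMPUTERNAME
            })
        }
    }
    $rows
}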