@JesterEE
Created February 7, 2017 20:16
PowerShell script to check and output the certificate and issuer validity of each file in a directory structure.

```powershell
## check_path_certs.ps1
## Author: JesterEE
## Date: 02/07/2017
## Description: PowerShell script to check and output the certificate and issuer
##              validity of each file in a directory structure.
## Version: 1.0

$path = "<<PUT THE PATH HERE>>"
$valid_issuers = @("Microsoft", "Symantec")

##-----------------------------------------------------------------------------

# Build one alternation pattern from the issuer names. Each name is escaped so
# it is matched literally, and it is matched as a substring of the issuer CN.
$valid_issuers_regex = [string]::Join('|', ($valid_issuers | ForEach-Object { [regex]::Escape($_) }))

Write-Output "PATH : $path"
Get-ChildItem -Path $path -Recurse -Attributes !Directory+!System |
ForEach-Object {
    $file_path = $_.FullName
    Write-Output "FILE : $($file_path.Replace($path, '.'))"

    # -LiteralPath keeps file names containing [ or ] from being read as wildcards
    $digital_sig = Get-AuthenticodeSignature -LiteralPath $file_path

    # There is not a certificate signature present on the file
    if ($null -eq $digital_sig.SignerCertificate) {
        Write-Output " SKIPPING : No Certificate Signature"
        return  # inside ForEach-Object this moves on to the next file
    }

    # Check the certificate status
    if ($digital_sig.Status -eq "Valid") {
        Write-Output " VALID Certificate"

        # Check the certificate issuer. Read the issuer's simple name (the CN
        # when one is present) from the certificate itself: splitting the DN
        # string on ',' fails on quoted values such as O="Example, Inc.".
        $issuer_cn = $digital_sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $true)
        if ($issuer_cn -match $valid_issuers_regex) {
            Write-Output " VALID Certificate Issuer"
        } else {
            Write-Output " **INVALID Certificate Issuer**"
        }
    } else {
        Write-Output " **INVALID Certificate**"
    }
}
```
JesterEE commented Feb 7, 2017

Useful script for quickly checking the authenticity of files on Microsoft Windows downloaded from the internet.

Note: This is not fool-proof and is not meant as a replacement for file heuristic analysis (anti-virus) and common sense.
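
An added example, not part of JesterEE's gist: a stricter variant of the issuer check that compares the thumbprints of the certificates above the signer in its chain against a pinned list, instead of matching a name fragment in the issuer CN. The function names `Get-IssuerChain` and `Test-PinnedIssuer`, the `$pinned_thumbprints` variable and the thumbprint placeholder are assumptions made for this example.

```powershell
# Added example: pin issuing CAs by thumbprint rather than by CN substring.
$path = "<<PUT THE PATH HERE>>"                          # same placeholder as the gist
$pinned_thumbprints = @("<<ISSUER CA THUMBPRINT HERE>>") # placeholder, see Get-IssuerChain

function Get-IssuerChain {
    # Returns subject and thumbprint of every certificate above the signer
    # (intermediates and root) so the values can be reviewed and pinned.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$SignerCertificate)

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Trust was already decided by Get-AuthenticodeSignature; this chain is
    # built only to enumerate the issuers, so revocation lookups are skipped.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    try {
        [void]$chain.Build($SignerCertificate)
        # Element 0 is the signer itself; every later element is an issuer.
        $chain.ChainElements | Select-Object -Skip 1 | ForEach-Object {
            [pscustomobject]@{
                Subject    = $_.Certificate.Subject
                Thumbprint = $_.Certificate.Thumbprint
            }
        }
    } finally {
        $chain.Reset()
    }
}

function Test-PinnedIssuer {
    # True only when the signature is Valid AND an issuer in the chain is pinned.
    param([string]$FilePath, [string[]]$PinnedThumbprints)

    $sig = Get-AuthenticodeSignature -LiteralPath $FilePath
    if ($sig.Status -ne 'Valid') { return $false }  # unsigned, altered or untrusted

    $issuers = @(Get-IssuerChain $sig.SignerCertificate)
    # Whole-string, case-insensitive comparison: no substring or regex matching.
    return [bool]($issuers | Where-Object { $PinnedThumbprints -contains $_.Thumbprint })
}

Get-ChildItem -LiteralPath $path -Recurse -File | ForEach-Object {
    $ok = Test-PinnedIssuer -FilePath $_.FullName -PinnedThumbprints $pinned_thumbprints
    "{0} : {1}" -f $(if ($ok) { 'PINNED ISSUER' } else { '**NOT PINNED**' }), $_.FullName
}
```

To fill the pinned list, run `Get-IssuerChain (Get-AuthenticodeSignature <known-good file>).SignerCertificate` on a file whose origin is already trusted and copy the thumbprints of the issuers to accept.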