Mmm very odd. I’m running Picard Version 2.3.2 on High Sierra 10.13.6 and have never had any issues but I do run SIP without the Kext or File System Protection.
csrutil enable --without kext --without fs
More Info: https://eclecticlight.co/2017/04/28/sierras-system-integrity-protection-sip-beyond-root/
I highly recommend the above site for anything Apple and it has some great info on all of Apples security policies and problems.
To check the status of an app to see if it’s allowed to run which may also give some clues to why it wont run.
Type: spctl -a
Press Space:
Drag and drop the app into the terminal window
Press Return:
Do you know if the main executable and all the contents where signed. I don’t run antivirus accept for the XProtect part of Gatekeeper. Way to many false positives with anti virus software and they hog computer resources. Malware (including adware, ransamware) can be a problem for Mac’s but not a true Virus but you do help PC users if sharing files. Malwarebyes is the only software I would recommend or any products from objective-see. Most anti virus software’s do more harm than good. OSX is pretty good at looking after itself.
The thing with Gatekeeper is that it records everything you download, which browser used, site URL and time of download. This all gets listed as extended attributes metadata. Nice for forensics 
https://eclecticlight.co/2017/08/14/show-me-your-metadata-extended-attributes-in-macos-sierra/
Apple is the problem because they keep introducing all this security nonsense which IMO is mostly not about security and more about making things difficult to drive developers towards the MAS where they profit. I wont install anything from MAS on principle plus I block all connections to Apples servers. I’m not interested in MAS or Cloud stuff. They can spy and data collect from somebody else thank you very much.
An alternative to the above xattr -cr is xattr -rd which recursively deletes the attributes instead of clear.
I would test the software myself but my system is highly customized and locked down. It would mean me installing Virtual systems and I only have a a laptop with limited resources these days. Application is damaged is definitely a Gatekeeper issue and the quarantine flag. Once it has done it’s scan, set the quarantine flag and giving the user the warning, there is no going back until either that flag is removed or Gatekeeper is disabled and fresh copy of the app is downloaded to install.
If users want to temporally disable Gatekeeper to install and allow downloads from anywhere. Then launch the app once.
Type: sudo spctl --master-disable
Press Return:
Enter your password, The cursor will not move and there will be no feedback.
Press Return:
To then re-enable after the initial launch,
Type: sudo spctl --master-enable
Press Return: