diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js
index fe47faa574..b7ee97d89a 100644
--- a/lib/analyze-action-post.js
+++ b/lib/analyze-action-post.js
@@ -128728,6 +128728,9 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log
       `Maximum archive extraction depth (${MAX_DEPTH}) reached for ${archivePath}`
     );
   }
+  if (process.platform === "win32") {
+    throw new Error("Scanning archives is not supported on Windows.");
+  }
   const result = {
     scannedFiles: 0,
     findings: []
diff --git a/lib/init-action-post.js b/lib/init-action-post.js
index 2794b130e2..57b06ab2f5 100644
--- a/lib/init-action-post.js
+++ b/lib/init-action-post.js
@@ -133650,6 +133650,9 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log
       `Maximum archive extraction depth (${MAX_DEPTH}) reached for ${archivePath}`
     );
   }
+  if (process.platform === "win32") {
+    throw new Error("Scanning archives is not supported on Windows.");
+  }
   const result = {
     scannedFiles: 0,
     findings: []
diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js
index 9c40cb5e66..414118377f 100644
--- a/lib/start-proxy-action-post.js
+++ b/lib/start-proxy-action-post.js
@@ -127590,6 +127590,9 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log
       `Maximum archive extraction depth (${MAX_DEPTH}) reached for ${archivePath}`
     );
   }
+  if (process.platform === "win32") {
+    throw new Error("Scanning archives is not supported on Windows.");
+  }
   const result = {
     scannedFiles: 0,
     findings: []
diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js
index 12d1b216c3..cce51af701 100644
--- a/lib/upload-sarif-action-post.js
+++ b/lib/upload-sarif-action-post.js
@@ -127577,6 +127577,9 @@ async function scanArchiveFile(archivePath, relativeArchivePath, extractDir, log
       `Maximum archive extraction depth (${MAX_DEPTH}) reached for ${archivePath}`
     );
   }
+  if (process.platform === "win32") {
+    throw new Error("Scanning archives is not supported on Windows.");
+  }
   const result = {
     scannedFiles: 0,
     findings: []
diff --git a/src/artifact-scanner.test.ts b/src/artifact-scanner.test.ts
index d2ecd18e2f..6f68e647da 100644
--- a/src/artifact-scanner.test.ts
+++ b/src/artifact-scanner.test.ts
@@ -141,7 +141,12 @@ test("scanArtifactsForTokens handles files without tokens", async (t) => {
   }
 });
 
-if (os.platform() !== "win32") {
+// This test is slow (extracts and scans a zip artifact), so by default we only run it in CI. Set
+// RUN_SLOW_TESTS=1 to run it locally.
+if (
+  os.platform() !== "win32" &&
+  (process.env.CI === "true" || process.env.RUN_SLOW_TESTS === "1")
+) {
   test("scanArtifactsForTokens finds token in debug artifacts", async (t) => {
     t.timeout(15000); // 15 seconds
     const messages: LoggedMessage[] = [];
diff --git a/src/artifact-scanner.ts b/src/artifact-scanner.ts
index 90c4241979..5f238811a1 100644
--- a/src/artifact-scanner.ts
+++ b/src/artifact-scanner.ts
@@ -156,6 +156,10 @@ async function scanArchiveFile(
     );
   }
 
+  if (process.platform === "win32") {
+    throw new Error("Scanning archives is not supported on Windows.");
+  }
+
   const result: ScanResult = {
     scannedFiles: 0,
     findings: [],