You didn’t say what your networking rules are.
As far as we are concerned, they did their job: someone is trying to gain access to your machine via netbios (port 139) and Microsoft DS (port 445), and those connexions were denied.
If the alert bothers you, just edit the corresponding rule in the network monitor and uncheck the alert.
We can however go a little further: excepting dedicated applications (p2p, but that’s quite insecure, ftp servers…and the local network if you have one), no one is supposed to have TCP in access to your machine: as an example, i have myself forbidden as applications rules ie and mstask, tcp and udp in.
You know log yourself as an administrator, and you go to “services”:
In the absence of a LAN and of shared ressources (printers, other PC), you should desactivate at least the following services as specified in the “safe” column:
If you have a LAN, check afterwards for the functionnality:
if it does not work, allow back the corresponding service, but make an application rule allowing only the LAN zone: i have these rules for rsvp, svchost and system, in the same time i made 3 networking rules (one for TCP/UDP, ICMP, IP) only allowing the LAN zone.
Last (for the moment), go to pcflank (http://www.pcflank.com/), grc (https://www.grc.com/x/ne.dll?bh0bkyd2) or symantec (http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym,) and look at what is unstealthed or open.
As a minimum, you should have ports 23, 135, 137 to 139, 445 and 500 closed.