I was on the computer when the power went out in my house. When I went to boot back up, my DSL box was flashing like a mad man. When I logged back on, A new rule was created that allowed a remote IP to access my

Process name is "C:\Windows\System32\wininit.exe".

after that I started getting all these alerts about remote IP address wanting to access wininit.exe

I went to program rules in my NAV2008 settings and checked wininit.exe  It was set as allow.

The alerts continued reporting remote IPS wanting to access my wininit.exe. So I removed it from the program list

and set up a program rule blocking inbound attempts from all PCs. Now my logs show constant entries indicating rule blocekd (various IP addresses) mostly coming through 49152

Should I change the rule to block port 49152? I checked netstat -b and there are no internal programs listening on that port