This question is true. These false positives are also called Type I errors. They are fake and waste the time of the administrator, and when too many of these events occur, the administrator may think everything is a false alarm and fail to respond to real threats.