We have not yet seen false positives on Sig 4601 - CheckPoint Firewall RDP bypass.
The signature looks for specific binary pattern on UDP port 259, which is generally not in high use.
Do you have a Check Point Firewall installed ?
Can you send a log file of the alarm from the sensor to me to have a look at ?
thanks
Rohit