Our applications are build with basic XP compatibility. Thus creating a file in a directory w/o write permissions will instead put the file under AppData\local\VirtualStore and subsequent access to that file will also be redirected to that local-per-user directory. This is a bit surprising and also has the effect that it is possible to write a directory with insufficient permissions and later read the file - as long as this is done with a legacy 32 bit application. 64-bit applictions won't see the file then at the expected location.
My suggestion is to change all our tools to not make use of this virtualization features. According to Microsoft that feature will anyway be removed eventually.