Probably application pool has full access rights for VPP folders and files that where created by application, but it does not have write access to files that where not created by application (for example, when files where uploaded during site deployment).
Could you check if application pool identity account has full access rights (or at least write) for that specific file?
I receive an UnauthorizedAccessException when trying to upload and replace a file in File Manager.
The ApplicationPool user has full access to the files and folders, and the logged in EPiServer-user has full access. I can create new files, delete old, rename etc - but I cannot replace files.
[UnauthorizedAccessException: Access to the path '\\server\share$\MySite\Global\File.pdf' is denied.]
System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) +9723726
System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath) +1142
System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share) +83
System.IO.FileInfo.Open(FileMode mode, FileAccess access, FileShare share) +37
EPiServer.Web.Hosting.NativeFile.Open(FileMode mode, FileAccess access, FileShare share) +24
EPiServer.Web.Hosting.UnifiedFile.Open(FileMode mode, FileAccess access) +15
EPiServer.UI.Hosting.UploadFile.ConfirmReplaceButton_Click(Object sender, EventArgs e) +357
EPiServer.UI.WebControls.ToolButton.OnClick(EventArgs e) +96
EPiServer.UI.WebControls.ToolButton.RaisePostBackEvent(String eventArgument) +161
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +5563