Thanks for your reply. We do have two production webservers (VMs) loadbalanced via a netscaler, but only one of the two sites is currently running in IIS due to an unrelated server license issue. So I suppose you could say that we have the infrastructure in place, but not being leveraged at the moment. No recent changes to the environment that I'm aware of, although I don't have physical access to the VM host, so I'll check to see.
It shouldn't be a problem going forward, since like I said I granted the appropriate IIS permissions, but I was just wondering what exactly it was used for, and what triggered its usage. However, it sounds like it's inconclusive as to why Kentico would attempt to access that file. I think I'll trying opening it in notepad and see what it was actually trying to do, assuming it's not an unreadable binary. Maybe that could lead to some further insights. Thanks again.