From the time of windows 8 there are yet new several drivers using kernel-mode rpc:
- CEA.sys - "Event Aggregation Kernel Mode Library". Use interface D09BDEB5-6171-4A34-BFE2-06FA82652568 from BrokerLib.dll
- fastfat.sys - use interface 04EEB297-CBF4-466B-8A2A-BFD6A2F10BBA from efssvc.dll
- wfplwfs.sys - "WFP NDIS 6.30 Lightweight Filter Driver". Use interface C605F9FB-F0A3-4E2A-A073-73560F8D9E3E from bisrv.dll