Burglary protection

Question about meterpeter (exe vs dll)?

Here is how it was.
I generated the meterpeter stuffing with aes256 and rc4.
Further, from one project on the git, I downloaded one file, where I replaced the shell with my own.
In general, the whole point boils down to the fact that you simply compile everything into a dll and that's it - here's an encrypted meterpeter for you. I compiled an exe and a dll next to it. Noooo! When I got a session with exe, the defender fired almost any of my actions and the session ended! And when I got the session through the dll (launched using rundll32.exe), then I could do whatever my heart desires! The scan didn't work either.
I don't understand why this is happening. What's the matter? Why does exe burn so much at the slightest gesture, and dll - not at all ???